crtxcr/exile.h
1
0
Bifurcation 0
Code Tickets 14 Demandes d'ajout 1 Publications Wiki Activité

Allow adding syscalls by group names #18

Nouveau ticket
Fermé
créé 2021-09-06 22:35:05 +02:00 par crtxcr · 1 commentaire
crtxcr a commenté 2021-09-06 22:35:05 +02:00.
Propriétaire
Copier le lien

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr a ajouté le label
enhancement
 2021-09-06 22:35:05 +02:00.
crtxcr a commenté 2021-09-18 22:55:42 +02:00.
Auteur
Propriétaire
Copier le lien

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr a fermé ce ticket 2021-11-20 19:52:05 +01:00.
Connectez-vous pour rejoindre cette conversation.
Aucune branche/étiquette spécifiées
Branches Étiquettes
Labels
Effacer les labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Sans labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Jalon
Effacer le jalon
Pas d'élément
Sans jalon
Assignés
Supprimer les affectations
Sans assignation
1 participants
Notifications
Échéance
La date d’échéance est invalide ou hors plage. Veuillez utiliser le format 'aaaa-mm-dd'.

Aucune échéance n'a été définie.

Dépendances

Aucune dépendance définie.

Référence : crtxcr/exile.h#18
Sans contenu.
Supprimer la branche "%!s()"

La suppression d’une branche est permanente. Bien qu’une branche supprimée puisse temporairement subsister, elle NE PEUT PAS être facilement restaurée. Continuer ?