crtxcr/exile.h
1
0
Forka 0
Codice Problemi 14 Pull Requests 1 Rilasci Wiki Attività

Allow adding syscalls by group names #18

Nuovo Problema
Chiuso
aperto 2021-09-06 22:35:05 +02:00 da crtxcr · 1 comment
crtxcr 2021-09-06 22:35:05 +02:00 ha commentato
Proprietario
Copia link

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr ha aggiunto l'etichetta
enhancement
 2021-09-06 22:35:05 +02:00
crtxcr 2021-09-18 22:55:42 +02:00 ha commentato
Autore
Proprietario
Copia link

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr chiuso questo probleam 2021-11-20 19:52:05 +01:00
Effettua l'accesso per partecipare alla conversazione.
Nessun Branch/Tag specificato
Rami (Branch) Tag
Etichette
Pulisci le etichette   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Nessuna etichetta
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Traguardo
Milestone pulita
Nessun elemento
Nessuna milestone
Assegnatari
Cancella assegnatari
Nessuna assegnatario
1 Partecipanti
Notifiche
Data di scadenza
La data di scadenza non è valida o fuori intervallo. Si prega di utilizzare il formato 'aaaa-mm-dd'.

Nessuna data di scadenza impostata.

Dipendenze

Nessuna dipendenza impostata.

Riferimento: crtxcr/exile.h#18
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?