crtxcr/exile.h
1
0
Forkuj 0
Kod Zgłoszenia 14 Oczekujące zmiany 1 Wydania Wiki Aktywność

Allow adding syscalls by group names #18

Nowe zgłoszenie
Zamknięty
otworzone 2021-09-06 22:35:05 +02:00 przez crtxcr · 1 comment
crtxcr skomentował(-a) 2021-09-06 22:35:05 +02:00
Właściciel
Skopiuj link

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr dodano
enhancement
 etykietę 2021-09-06 22:35:05 +02:00
crtxcr skomentował(-a) 2021-09-18 22:55:42 +02:00
Author
Właściciel
Skopiuj link

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
crtxcr zamknął(-ęła) to zgłoszenie 2021-11-20 19:52:05 +01:00
Zaloguj się, aby dołączyć do tej rozmowy.
Nie określono gałęzi/etykiety
Gałęzie Tagi
Etykiety
Wyczyść etykiety   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Brak etykiety
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Kamień milowy
Wyczyść kamień milowy
Brak elementów
Brak kamienia milowego
Przypisani
Usuń przypisanych
Brak przypisanych
Uczestnicy 1
Powiadomienia
Termin realizacji
Data realizacji jest niewłaściwa lub spoza zakresu. Użyj formatu 'yyyy-mm-dd'.

Brak ustawionego terminu realizacji.

Zależności

No dependencies set.

Reference: crtxcr/exile.h#18
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?