crtxcr
/
exile.h
1
0
Fork 0
Código Issues 14 Pull requests 1 Versões Wiki Atividade

Allow adding syscalls by group names #18

Nova issue
Fechado
aberto por crtxcr 2021-09-06 22:35:05 +02:00 · 1 comentário
crtxcr comentou 2021-09-06 22:35:05 +02:00
Proprietário
Copiar link

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().
crtxcr adicionou o rótulo
enhancement
 2021-09-06 22:35:05 +02:00
crtxcr comentou 2021-09-18 22:55:42 +02:00
Autor
Proprietário
Copiar link

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?
Acesse para participar desta conversação.
Nenhum branch/tag especificado
Branches Tags
master
next
WIP/enosys
WIP/cpp
Etiquetas
Limpar etiquetas   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Sem etiqueta
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Marco
Limpar marco
Nenhum item
Sem marco
Responsáveis
Limpar responsáveis
Sem responsável
1 participante(s)
Notificações
Data limite
A data limite é inválida ou está fora do intervalo. Por favor, use o formato 'dd/mm/aaaa'.

Data limite não informada.

Dependências

Nenhuma dependência definida.

Referência: crtxcr/exile.h#18
Nenhuma descrição fornecida.
Excluir branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?