Allow adding syscalls by group names #18

Нова задача

crtxcr · 2021-09-06T22:35:05+02:00

crtxcr прокоментував(ла)

2021-09-06 22:35:05 +02:00

Власник

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().

crtxcr додано enhancement з міткою 2021-09-06 22:35:05 +02:00

crtxcr прокоментував(ла)

2021-09-18 22:55:42 +02:00

Автор

Власник

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?

crtxcr закрив(ла) цю задачу

2021-11-20 19:52:05 +01:00

Увійдіть, щоб приєднатися до розмови.

1 учасників

Сповіщення

Строк виконання

Термін виконання не встановлений.

Залежності

Залежностей не встановлено.

Посилання: crtxcr/exile.h#18