Allow adding syscalls by group names #18

新增問題

已關閉

建立於 2021-09-06 22:35:05 +02:00 由 crtxcr · 1 comment

crtxcr 已留言 2021-09-06 22:35:05 +02:00

擁有者

複製連結

If you add "open", there is a chance you also want to block "openat"...

So make this easy by allow adding system call by group names to the policy.

Also, maybe take some inspiration from pledge().

If you add "open", there is a chance you also want to block "openat"... So make this easy by allow adding system call by group names to the policy. Also, maybe take some inspiration from pledge().

crtxcr 加入了

enhancement

標籤 2021-09-06 22:35:05 +02:00

crtxcr 已留言 2021-09-18 22:55:42 +02:00

作者

擁有者

複製連結

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet.

Thus, we may habe to auto blacklist all those that we do not know.

Alternatively, adding syscalls by groups should only be allowed for whitelisting?

If there was a kernel update, but no qssb.h update or code is using an outdated verison, new syscalls could have been added that are not in any group yet. Thus, we may habe to auto blacklist all those that we do not know. Alternatively, adding syscalls by groups should only be allowed for whitelisting?

crtxcr 關閉了這個問題 2021-11-20 19:52:05 +01:00

登入 才能加入這對話。

未指定分支或標籤

分支 標籤

master

next

WIP/enosys

WIP/cpp

標籤

清除已選取標籤   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

未選擇標籤

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

里程碑

清除已選取里程碑

沒有項目

未選擇里程碑

負責人

清除負責人

沒有負責人

1 參與者

通知

訂閱

截止日期

截止日期無效或超出範圍，請使用「yyyy-mm-dd」的格式。

未設定截止日期。

先決條件

未設定先決條件。

參考: crtxcr/exile.h#18

No description provided.