crtxcr
/
exile.h
1
0
Fork 0
Koodi Ongelmat 14 Pull-pyynnöt 1 Julkaisut Wiki Toiminta

WIP pledge/low-level seccomp arg filter interface #22

Suljettu
crtxcr haluaa yhdistää 0 committia lähteestä WIP/argsfilter kohteeseen master
vedä kohteesta: WIP/argsfilter
merge into: crtxcr:master
Keskustelu 2 Commitit - Muuttuneet tiedostot -
crtxcr kommentoi 2021-11-21 15:29:20 +01:00
Omistaja
Kopioi linkki
No description provided.
crtxcr force-pushed WIP/argsfilter from 89749bd03b to 371c6a94b6 2021-11-30 18:33:22 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from 371c6a94b6 to ac3e84ed16 2021-12-01 23:55:57 +01:00 Compare
crtxcr kommentoi 2021-12-02 10:17:27 +01:00
Tekijä
Omistaja
Kopioi linkki

Test for blacklist:

  • syscall without args
  • syscall with args
  • syscall without args
Test for blacklist: - syscall without args - syscall with args - syscall without args
crtxcr muutti otsikon WIP low-level seccomp arg filter interface otsikoksi WIP pledge/low-level seccomp arg filter interface 2021-12-05 17:32:21 +01:00
crtxcr force-pushed WIP/argsfilter from 7bfa7f5961 to 08a2445c26 2021-12-19 20:27:13 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from fa473601d3 to eca3b3d622 2021-12-20 16:16:06 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from eca3b3d622 to c7991ceefa 2021-12-20 17:30:51 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from 9a95ad0c6a to 34b58c5b32 2021-12-24 16:22:28 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from 45f5f16bb8 to d742397b52 2021-12-26 18:16:07 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from beeae95fe1 to 72ee3b3d74 2021-12-27 00:44:44 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from 72ee3b3d74 to a7a9c6962a 2021-12-27 12:00:41 +01:00 Compare
crtxcr force-pushed WIP/argsfilter from 3e4ae74203 to ca0f82790c 2021-12-27 12:36:32 +01:00 Compare
crtxcr lisäsi 2 committia 2021-12-27 14:18:15 +01:00
631980b775 Include linux/capability.h instead of sys/capability.h 
Some distros put sys/capability.h into libcap-dev or
similiar, which is a bit unforunate, we don't need
libcap-dev or anything like that.

Since we anyway only used the capget()/capset(), we can
just define a simple wrapper and call the syscall directly
and therefore avoid above mentioned issue.
crtxcr lisäsi 1 commitin 2021-12-27 14:26:47 +01:00
crtxcr lisäsi 1 commitin 2021-12-27 17:03:42 +01:00
6420ca1b40 Add landlock runtime detection 
We cannot assume that landlock is enabled if we can compile it.
Even if it's enabled in the kernel it may still not be loaded.

We fill fallback to chroot/bind-mounts if we can.

If we can't (because path policies have landlock-specific options),
we can't do that either.

Closes: #21
crtxcr kommentoi 2021-12-27 17:14:56 +01:00
Tekijä
Omistaja
Kopioi linkki

Merged

Merged
crtxcr closed this pull request 2021-12-27 17:14:56 +01:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Tunnisteet
Tyhjennä tunnisteet   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

Ei tunnistetta
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Merkkipaalu
Tyhjennä merkkipaalu
Ei kohteita
Ei merkkipaalua
Käsittelijä
Tyhjennä käsittelijä
Ei käsittelijää
1 osallistujaa
Ilmoitukset
Määräpäivä
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

Määräpäivää ei asetettu.

Riippuvuudet

Riippuvuuksia ei asetettu.

Reference: crtxcr/exile.h#22
No description provided.
Delete Branch "WIP/argsfilter"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?