WIP pledge/low-level seccomp arg filter interface #22

Dúnta

crtxcr ag iarraidh 0 gealltanas a chumasc ó WIP/argsfilter go master

tarraing ó: WIP/argsfilter

cumaisc isteach: crtxcr:master

crtxcr:master

crtxcr:next

crtxcr:WIP/enosys

crtxcr:WIP/cpp

Comhrá 2 Tiomáintí - Comhaid Athraithe -

crtxcr trácht 2021-11-21 15:29:20 +01:00

Úinéir

Cóipeáil Nasc

Níl aon tuairisc ar fáil.

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 89749bd03b go 371c6a94b6 2021-11-30 18:33:22 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 371c6a94b6 go ac3e84ed16 2021-12-01 23:55:57 +01:00 Déan comparáid

crtxcr trácht 2021-12-02 10:17:27 +01:00

Údar

Úinéir

Cóipeáil Nasc

Test for blacklist:

• syscall without args
• syscall with args
• syscall without args

Test for blacklist: - syscall without args - syscall with args - syscall without args

crtxcr athraigh an teideal ó WIP low-level seccomp arg filter interface go WIP pledge/low-level seccomp arg filter interface 2021-12-05 17:32:21 +01:00

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 7bfa7f5961 go 08a2445c26 2021-12-19 20:27:13 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó fa473601d3 go eca3b3d622 2021-12-20 16:16:06 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó eca3b3d622 go c7991ceefa 2021-12-20 17:30:51 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 9a95ad0c6a go 34b58c5b32 2021-12-24 16:22:28 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 45f5f16bb8 go d742397b52 2021-12-26 18:16:07 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó beeae95fe1 go 72ee3b3d74 2021-12-27 00:44:44 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 72ee3b3d74 go a7a9c6962a 2021-12-27 12:00:41 +01:00 Déan comparáid

crtxcr bhrú i bhfeidhm WIP/argsfilter ó 3e4ae74203 go ca0f82790c 2021-12-27 12:36:32 +01:00 Déan comparáid

crtxcr cuireadh 2 tiomantas 2021-12-27 14:18:15 +01:00 leis

Merge get_pledge_argfilter() with get_pledge_argfilter() 0be081c55d

Include linux/capability.h instead of sys/capability.h ... 631980b775

Some distros put sys/capability.h into libcap-dev or
similiar, which is a bit unforunate, we don't need
libcap-dev or anything like that.

Since we anyway only used the capget()/capset(), we can
just define a simple wrapper and call the syscall directly
and therefore avoid above mentioned issue.

crtxcr Cuir 1 gealltanas 2021-12-27 14:26:47 +01:00 leis

Handle new 5.16 syscall: futex_waitv 98c76089de

crtxcr Cuir 1 gealltanas 2021-12-27 17:03:42 +01:00 leis

Add landlock runtime detection ... 6420ca1b40

We cannot assume that landlock is enabled if we can compile it.
Even if it's enabled in the kernel it may still not be loaded.

We fill fallback to chroot/bind-mounts if we can.

If we can't (because path policies have landlock-specific options),
we can't do that either.

Closes: #21

crtxcr trácht 2021-12-27 17:14:56 +01:00

Údar

Úinéir

Cóipeáil Nasc

Merged

Merged

crtxcr dhún an t-iarratas tarraingthe seo 2021-12-27 17:14:56 +01:00

Iarratas tarraingthe dúnta

Ní féidir an t-iarratas tarraingthe seo a athoscailt toisc gur scriosadh an brainse.

Sínigh isteach chun dul isteach sa chomhrá seo.

Léirmheasóirí

Gan Léirmheastóirí

Lipéid

Lipéid shoiléir

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

Gan Lipéad

Cloch Mhíle

Gan aon earraí

Gan Chloch Mhíle

Sannaitheoirí

Ceannaitheoirí soiléir

crtxcr

Gan aon Sannaitheoirí

1 Rannpháirtithe

Fógraí

Liostáil

Dáta dlite

Níl aon dáta dlite socraithe.

Spleithiúlachtaí

Níl aon spleáchais leagtha síos.

Tagairt: crtxcr/exile.h#22

Níl aon tuairisc ar fáil.