Instead of having a blacklist and whitelist, we now allow setting a policy that runs as a chain. This adds qssb_append_syscalls_policy(). Furthermore, add a feature to decide per syscall which action to take. This now allows returning an error instead of just killing the process. In the future, it may allow us to optimize/shrink the BPF filter.