Albert S. crtxcr
0 Followers · 0 Following
Repositories
23
 Projects Packages Public Activity Starred Repositories
crtxcr pushed to WIP/rework_get_vow_argfilter at crtxcr/exile.h 2021-12-29 11:05:34 +01:00
4824c6eaa9 check_policy_sanity(): Traverse path_policy list only if no landlock available
9048a3b4fe append_syscall_to_bpf(): Improve readability
0b54e73ff4 Rework get_vow_argfilter() for readability and easiness
Compare 3 commits »
crtxcr pushed to WIP/rework_get_vow_argfilter at crtxcr/exile.h 2021-12-29 10:30:17 +01:00
36ef8cb9f9 check_policy_sanity(): Traverse path_policy list only if no landlock available
d98c085af6 append_syscall_to_bpf(): Improve readability
048eb537c4 Rework get_vow_argfilter() for readability and easiness
Compare 3 commits »
crtxcr created pull request crtxcr/exile.h#24 2021-12-28 23:04:41 +01:00
WIP/rework_get_vow_argfilter
crtxcr pushed to WIP/rework_get_vow_argfilter at crtxcr/exile.h 2021-12-28 23:04:21 +01:00
de39b478c6 append_syscall_to_bpf(): Improve readability
crtxcr created branch WIP/rework_get_vow_argfilter in crtxcr/exile.h 2021-12-28 22:54:37 +01:00
crtxcr pushed to WIP/rework_get_vow_argfilter at crtxcr/exile.h 2021-12-28 22:54:37 +01:00
d1af882045 Rework get_vow_argfilter() implementation for readability and easyiness
crtxcr pushed to master at crtxcr/exile.h 2021-12-28 13:18:39 +01:00
b2306299d5 vow: fix clone filter broken by ca0f8279
crtxcr pushed to master at crtxcr/exile.h 2021-12-28 11:09:37 +01:00
55b43fdaac Rename our 'pledge' mechanism to 'vow'
crtxcr commented on issue crtxcr/exile.h#23 2021-12-27 17:15:29 +01:00
pledge()-like functionality

Added

crtxcr closed issue crtxcr/exile.h#23 2021-12-27 17:15:29 +01:00
pledge()-like functionality
crtxcr commented on pull request crtxcr/exile.h#22 2021-12-27 17:14:56 +01:00
WIP pledge/low-level seccomp arg filter interface

Merged

crtxcr closed pull request crtxcr/exile.h#22 2021-12-27 17:14:56 +01:00
WIP pledge/low-level seccomp arg filter interface
crtxcr closed issue crtxcr/exile.h#21 2021-12-27 17:14:25 +01:00
Landlock runtime detection
crtxcr pushed to master at crtxcr/exile.h 2021-12-27 17:14:25 +01:00
6420ca1b40 Add landlock runtime detection
98c76089de Handle new 5.16 syscall: futex_waitv
631980b775 Include linux/capability.h instead of sys/capability.h
0be081c55d Merge get_pledge_argfilter() with get_pledge_argfilter()
ca0f82790c Use some macros to increase readabiltiy of BPF rules
Compare 16 commits »
crtxcr deleted branch next from crtxcr/exile.h 2021-12-27 17:06:26 +01:00
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 17:03:41 +01:00
6420ca1b40 Add landlock runtime detection
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 14:26:46 +01:00
98c76089de Handle new 5.16 syscall: futex_waitv
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 14:18:14 +01:00
631980b775 Include linux/capability.h instead of sys/capability.h
0be081c55d Merge get_pledge_argfilter() with get_pledge_argfilter()
Compare 2 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:36:31 +01:00
ca0f82790c Use some macros to increase readabiltiy of BPF rules
77adf09d34 test: Add tests for exile_pledge()
bcab0377f1 Add exile_pledge(): A convenience wrapper
b469a82eec pledge: Allow NO_NEW_PRIVS prctls
6711b394d9 pledge: Add EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL to allow adding further seccomp filters
Compare 14 commits »
crtxcr pushed to master at crtxcr/exile.h 2021-12-27 12:36:13 +01:00
48deab0dde exile_enable_policy(): Only chdir() post chroot()
ce7eb57998 enter_namespaces(): Fix error message
3407fded04 Add EXILE_FS_ALLOW_ALL_{READ,WRITE}
Compare 3 commits »