Albert S. crtxcr
crtxcr commented on pull request crtxcr/exile.h#22 2021-12-27 17:14:56 +01:00
WIP pledge/low-level seccomp arg filter interface

Merged

crtxcr closed issue crtxcr/exile.h#21 2021-12-27 17:14:25 +01:00
Landlock runtime detection
crtxcr pushed to master at crtxcr/exile.h 2021-12-27 17:14:25 +01:00
6420ca1b40 Add landlock runtime detection
98c76089de Handle new 5.16 syscall: futex_waitv
631980b775 Include linux/capability.h instead of sys/capability.h
0be081c55d Merge get_pledge_argfilter() with get_pledge_argfilter()
ca0f82790c Use some macros to increase readability of BPF rules
Compare 16 commits »
crtxcr deleted branch next from crtxcr/exile.h 2021-12-27 17:06:26 +01:00
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 17:03:41 +01:00
6420ca1b40 Add landlock runtime detection
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 14:26:46 +01:00
98c76089de Handle new 5.16 syscall: futex_waitv
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 14:18:14 +01:00
631980b775 Include linux/capability.h instead of sys/capability.h
0be081c55d Merge get_pledge_argfilter() with get_pledge_argfilter()
Compare 2 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:36:31 +01:00
ca0f82790c Use some macros to increase readability of BPF rules
77adf09d34 test: Add tests for exile_pledge()
bcab0377f1 Add exile_pledge(): A convenience wrapper
b469a82eec pledge: Allow NO_NEW_PRIVS prctls
6711b394d9 pledge: Add EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL to allow adding further seccomp filters
Compare 14 commits »
crtxcr pushed to master at crtxcr/exile.h 2021-12-27 12:36:13 +01:00
48deab0dde exile_enable_policy(): Only chdir() post chroot()
ce7eb57998 enter_namespaces(): Fix error message
3407fded04 Add EXILE_FS_ALLOW_ALL_{READ,WRITE}
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:32:34 +01:00
3e4ae74203 Use some macros to increase readability of BPF rules
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:00:40 +01:00
a7a9c6962a test: Add tests for exile_pledge()
db9f4efda8 Add exile_pledge(): A convenience wrapper
b6790e773e pledge: Allow NO_NEW_PRIVS prctls
f55b7c2f8a pledge: Add EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL to allow adding further seccomp filters
4588b46cfc Introduce exile_create_policy(): Creates a clean/empty policy.
Compare 9 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 00:44:43 +01:00
72ee3b3d74 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL to allow ioctl() without argfilters
17e55f1923 pledge: add prctl() default filter
79fa3f9769 pledge: Introduce clone() filter and EXILE_SYSCALL_PLEDGE_THREAD
6366a6103e pledge: Begin filter for setsockopt() args
8c6ce913cb Begin a pledge()-like implementation
Compare 7 commits »
crtxcr pushed to WIP/sandboxing at crtxcr/looqs 2021-12-26 19:44:44 +01:00
79c2731216 gui: Add pledge_promises to exile policy
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 19:40:58 +01:00
beeae95fe1 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL() to not filter ioctl()
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 19:34:19 +01:00
27d560c6af pledge: add prctl() default filter
crtxcr pushed to WIP/sandboxing at crtxcr/looqs 2021-12-26 18:36:03 +01:00
6a41877a0c IpcServer: Fix off-by-one
b10093f907 Switch to exile.h
86b843e434 shared: looksquery: Fix incorrect varname in exception
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 18:16:06 +01:00
d742397b52 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 17:58:07 +01:00
45f5f16bb8 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD
crtxcr created branch next in crtxcr/exile.h 2021-12-24 16:25:04 +01:00
crtxcr pushed to next at crtxcr/exile.h 2021-12-24 16:25:04 +01:00