Albert S. crtxcr
0 Followers · 0 Following
Repositories
23
 Projects Packages Public Activity Starred Repositories
crtxcr pushed to master at crtxcr/exile.h 2021-12-27 12:36:13 +01:00
48deab0dde exile_enable_policy(): Only chdir() post chroot()
ce7eb57998 enter_namespaces(): Fix error message
3407fded04 Add EXILE_FS_ALLOW_ALL_{READ,WRITE}
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:32:34 +01:00
3e4ae74203 Use some macros to increase readabiltiy of BPF rules
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 12:00:40 +01:00
a7a9c6962a test: Add tests for exile_pledge()
db9f4efda8 Add exile_pledge(): A convenience wrapper
b6790e773e pledge: Allow NO_NEW_PRIVS prctls
f55b7c2f8a pledge: Add EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL to allow adding further seccomp filters
4588b46cfc Introduce exile_create_policy(): Creates an clean/empty policy.
Compare 9 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-27 00:44:43 +01:00
72ee3b3d74 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL to allow ioctl() without argfilters
17e55f1923 pledge: add prctl() default filter
79fa3f9769 pledge: Introduce clone() filter and EXILE_SYSCALL_PLEDGE_THREAD
6366a6103e pledge: Begin filter for setsockopt() args
8c6ce913cb Begin an pledge()-like implementation
Compare 7 commits »
crtxcr pushed to WIP/sandboxing at crtxcr/looqs 2021-12-26 19:44:44 +01:00
79c2731216 gui: Add pledge_promises to exile policy
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 19:40:58 +01:00
beeae95fe1 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL() to not filter ioctl()
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 19:34:19 +01:00
27d560c6af pledge: add prctl() default filter
crtxcr pushed to WIP/sandboxing at crtxcr/looqs 2021-12-26 18:36:03 +01:00
6a41877a0c IpcServer: Fix off-by-one
b10093f907 Switch to exile.h
86b843e434 shared: looksquery: Fix incorrect varname in exception
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 18:16:06 +01:00
d742397b52 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-26 17:58:07 +01:00
45f5f16bb8 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD
crtxcr created branch next in crtxcr/exile.h 2021-12-24 16:25:04 +01:00
crtxcr pushed to next at crtxcr/exile.h 2021-12-24 16:25:04 +01:00
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-24 16:22:27 +01:00
34b58c5b32 Add EXILE_FS_ALLOW_ALL_{READ,WRITE}
7131b15d1f pledge: Begin filter for setsockopt() args
c61ad47817 pledge: Add PROT_EXEC
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-24 16:21:59 +01:00
9a95ad0c6a Add EXILE_FS_ALLOW_ALL_{READ,WRITE}
9d1b62b249 pledge: Begin filter for setsockopt() args
Compare 2 commits »
crtxcr created branch WIP/readme in crtxcr/exile.h 2021-12-21 19:31:46 +01:00
crtxcr pushed to WIP/readme at crtxcr/exile.h 2021-12-21 19:31:46 +01:00
d44ae8e74e fixup! Update README
be78f6a1c0 Update README
c41eb21ff6 Remove sys/capability.h inclusion, we only need linux/capability.h
Compare 3 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-20 20:25:43 +01:00
bf0d6f9b8d fixup! pledge: Add PROT_EXEC
d502676ab7 pledge: Add PROT_EXEC
Compare 2 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-20 17:30:48 +01:00
c7991ceefa Introduce EXILE_SYSCALL_PLEDGE_DENY_ERROR, remove exile_policy->pledge_policy
5c8de3d286 test: Add pledge socket test
28fc84e323 pledge: Begin EXILE_SYSCALL_PLEDGE_UNIX/EXILE_SYSCALL_PLEDGE_INET
70c831e142 test: Begin basic pledge test
9a356a9e71 Begin an pledge()-like implementation
Compare 5 commits »
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-20 16:16:05 +01:00
eca3b3d622 test: Add pledge socket test
crtxcr pushed to WIP/argsfilter at crtxcr/exile.h 2021-12-20 16:15:34 +01:00
fa473601d3 test: Add socket test
a068c3b0e3 pledge: Begin EXILE_SYSCALL_PLEDGE_UNIX/EXILE_SYSCALL_PLEDGE_INET
d3ebc6cabf fixup! Begin an pledge()-like implementation
Compare 3 commits »