Albert S.

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-27 12:32:34 +01:00

3e4ae74203 Use some macros to increase readabiltiy of BPF rules

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-27 12:00:40 +01:00

a7a9c6962a test: Add tests for exile_pledge()

db9f4efda8 Add exile_pledge(): A convenience wrapper

b6790e773e pledge: Allow NO_NEW_PRIVS prctls

f55b7c2f8a pledge: Add EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL to allow adding further seccomp filters

4588b46cfc Introduce exile_create_policy(): Creates an clean/empty policy.

Jämför 9 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-27 00:44:43 +01:00

72ee3b3d74 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL to allow ioctl() without argfilters

17e55f1923 pledge: add prctl() default filter

79fa3f9769 pledge: Introduce clone() filter and EXILE_SYSCALL_PLEDGE_THREAD

6366a6103e pledge: Begin filter for setsockopt() args

8c6ce913cb Begin an pledge()-like implementation

Jämför 7 commits »

crtxcr pushed to WIP/sandboxing at crtxcr/looqs

2021-12-26 19:44:44 +01:00

79c2731216 gui: Add pledge_promises to exile policy

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-26 19:40:58 +01:00

beeae95fe1 pledge: Add EXILE_SYSCALL_PLEDGE_IOCTL() to not filter ioctl()

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-26 19:34:19 +01:00

27d560c6af pledge: add prctl() default filter

crtxcr pushed to WIP/sandboxing at crtxcr/looqs

2021-12-26 18:36:03 +01:00

6a41877a0c IpcServer: Fix off-by-one

b10093f907 Switch to exile.h

86b843e434 shared: looksquery: Fix incorrect varname in exception

Jämför 3 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-26 18:16:06 +01:00

d742397b52 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-26 17:58:07 +01:00

45f5f16bb8 Introduce clone filter and EXILE_SYSCALL_PLEDGE_THREAD

crtxcr created branch next in crtxcr/exile.h

2021-12-24 16:25:04 +01:00

crtxcr pushed to next at crtxcr/exile.h

2021-12-24 16:25:04 +01:00

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-24 16:22:27 +01:00

34b58c5b32 Add EXILE_FS_ALLOW_ALL_{READ,WRITE}

7131b15d1f pledge: Begin filter for setsockopt() args

c61ad47817 pledge: Add PROT_EXEC

Jämför 3 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-24 16:21:59 +01:00

9a95ad0c6a Add EXILE_FS_ALLOW_ALL_{READ,WRITE}

9d1b62b249 pledge: Begin filter for setsockopt() args

Jämför 2 commits »

crtxcr created branch WIP/readme in crtxcr/exile.h

2021-12-21 19:31:46 +01:00

crtxcr pushed to WIP/readme at crtxcr/exile.h

2021-12-21 19:31:46 +01:00

d44ae8e74e fixup! Update README

be78f6a1c0 Update README

c41eb21ff6 Remove sys/capability.h inclusion, we only need linux/capability.h

Jämför 3 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-20 20:25:43 +01:00

bf0d6f9b8d fixup! pledge: Add PROT_EXEC

d502676ab7 pledge: Add PROT_EXEC

Jämför 2 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-20 17:30:48 +01:00

c7991ceefa Introduce EXILE_SYSCALL_PLEDGE_DENY_ERROR, remove exile_policy->pledge_policy

5c8de3d286 test: Add pledge socket test

28fc84e323 pledge: Begin EXILE_SYSCALL_PLEDGE_UNIX/EXILE_SYSCALL_PLEDGE_INET

70c831e142 test: Begin basic pledge test

9a356a9e71 Begin an pledge()-like implementation

Jämför 5 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-20 16:16:05 +01:00

eca3b3d622 test: Add pledge socket test

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-20 16:15:34 +01:00

fa473601d3 test: Add socket test

a068c3b0e3 pledge: Begin EXILE_SYSCALL_PLEDGE_UNIX/EXILE_SYSCALL_PLEDGE_INET

d3ebc6cabf fixup! Begin an pledge()-like implementation

Jämför 3 commits »

crtxcr pushed to WIP/argsfilter at crtxcr/exile.h

2021-12-19 21:16:10 +01:00

656f43ee7a fixup! test: Begin basic pledge test

ccf940b476 fixup! Begin an pledge()-like implementation

ecb064158d test: Begin basic pledge test

3cd253a309 fixup! Begin an pledge()-like implementation

Jämför 4 commits »