Fork of port of OpenBSD 'pledge()' function to Linux
Tommy Lincoln
859f71af3c
updated ptable[]
|
il y a 8 ans | |
|---|---|---|
| .gitignore | il y a 8 ans | |
| LICENSE | il y a 8 ans | |
| README.md | il y a 8 ans | |
| pledge.c | il y a 8 ans | |
| pledge.h | il y a 8 ans | |
| syscall_64.tbl | il y a 8 ans |
README.md
linux-seccomp-pledge
The aim of this is to implement pledge on linux using seccomp rules.
seccomp supports filtering syscalls in a way that isn't vulnerable to race conditions (as ptrace is).
status
The design and structure of the code is complete (parses the pledge string correctly, builds up a a bitmask using flags, adds rules for each flag), all that's left is filling in each of the promise sections with all the syscalls that are needed, and testing them.