|rain1 d752021d6e README||7 years ago|
|.gitignore||7 years ago|
|LICENSE||7 years ago|
|README.md||7 years ago|
|pledge.c||7 years ago|
|pledge.h||7 years ago|
|syscall_64.tbl||7 years ago|
The aim of this is to implement pledge on linux using seccomp rules.
seccomp supports filtering syscalls in a way that isn't vulnerable to race conditions (as ptrace is).
The design and structure of the code is complete (parses the pledge string correctly, builds up a a bitmask using flags, adds rules for each flag), all that's left is filling in each of the promise sections with all the syscalls that are needed, and testing them.