rain1 d752021d6e README | %!s(int64=8) %!d(string=hai) anos | |
---|---|---|
.gitignore | %!s(int64=8) %!d(string=hai) anos | |
LICENSE | %!s(int64=8) %!d(string=hai) anos | |
README.md | %!s(int64=8) %!d(string=hai) anos | |
pledge.c | %!s(int64=8) %!d(string=hai) anos | |
pledge.h | %!s(int64=8) %!d(string=hai) anos | |
syscall_64.tbl | %!s(int64=8) %!d(string=hai) anos |
The aim of this is to implement pledge on linux using seccomp rules.
seccomp supports filtering syscalls in a way that isn't vulnerable to race conditions (as ptrace is).
The design and structure of the code is complete (parses the pledge string correctly, builds up a a bitmask using flags, adds rules for each flag), all that's left is filling in each of the promise sections with all the syscalls that are needed, and testing them.