David Mirza Ahmad
Bind mounting from /etc into a strict-etc Oz sandbox results in strange behavior (to be investigated later): "whitelist": [ {"path": "/etc/pia-openvpn.resolv.conf", "target": "/run/resolvconf/resolv.conf", "force": true}
.. outside of sandbox.
Would be nice to re-read and enable oz-daemon configuration settings on a HUP.
Right now seccomp policy files are hand-whitelisted in the oz profile document. This was a temporary hack for a time when there was no oz-seccomp support at all in Oz....
To achieve the objective of reducing exposed kernel code paths, filtering an invocation of setsockopt(2) by argument such as: setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) should be done with rules that...
For now the rules described in #68 would be created by hand. The tracer should have some method of generating these.
Google Chrome installs itself in /opt/google/chrome/, and sets up symbolic links in /usr/bin/. - Oz needs to be equipped to deal with applications installed this way (it assumes binary in...
We should support this for Ricochet built w/only unix domain sockets, but we need to be careful. A subprocess with lower privileges should be the one making the connection to...