kafel icon indicating copy to clipboard operation
kafel copied to clipboard

Published 20 hours ago verified publisher icon google

Compressed syscall database with O(1) lookup

Open mejedi opened this issue 5 years ago • 4 comments

libkafel.so 5x smaller (x86_64, stripped): down to 88KiB from 440KiB.

Closes #20

mejedi avatar May 03 '19 20:05 mejedi

@happyCoder92 Could you please take a look?

mejedi avatar May 21 '19 08:05 mejedi

@happyCoder92

mejedi avatar May 30 '19 16:05 mejedi

@happyCoder92 I'd like to discuss the overall direction before moving forward.

I am using Kafel in https://github.com/rapidlua/sandals, which is a lightweight sandbox similar to nsjail. Sandals are used in https://luajit.me for secure execution of user-submitted Lua code. Sandbox overhead as opposed to running a process unsandboxed is a mere 5ms.

I need access to syscall database so that the sandbox could produce a description of the syscall denied. I assume that other users might have similar needs.

My suggestion is to split the database into a separate library, say libsyscalldb.so.

mejedi avatar Jul 31 '19 15:07 mejedi

Spliting the syscall database into separate library sounds like a good idea. It should be however fairly small and easily embeddable.

happyCoder92 avatar Aug 02 '19 11:08 happyCoder92