Paul Moore
Paul Moore
For those scenarios where the built-in filters are not sufficient, provide support for libseccomp users to insert their own hand-crafted BPF filter code. We should support inserting BPF code at...
See the following systemd issue: * https://github.com/systemd/systemd/issues/4575 The idea with this RFE would be to create a new filter attribute that would allow callers to select if they want the...
Given the growing popularity of Rust for system development, it seems like it might be a good idea to support a set of libseccomp Rust bindings. We could develop our...
Add functionality to export the seccomp BPF filter in a C header file format suitable for including in a project. Ideally the generated C header would include the filter loading...
We should look into making sure libseccomp, and the various bindings, have the necessary SPDX markings. More information for reference: * https://spdx.dev * https://lwn.net/Articles/868882
It might be nice to look into hosting some of the libseccomp documentation on [Read the Docs](https://readthedocs.org); at the very least a short into into the project and the info...
Consider using a document converter such as [pandoc](http://pandoc.org) to generate the man pages from Markdown. Not only should this make it easier to create/edit the man pages, but it should...
This came out of issue #314. While `arch-syscall-check.c` is good at ensuring the internal libseccomp syscall tables are consistent across arch/ABIs, it doesn't verify that we have the necessary `__SNR_xxx`...
Internally libseccomp has supported transactions for some time now, but we haven't exposed this as part of the libseccomp API. Originally this was fine as the transaction mechanism was relatively...
In addition to the syscall number and syscall arguments the kernel makes the caller's IP available to seccomp-bpf filters, we should consider exposing this in libseccomp. See a related request...