libseccomp
libseccomp copied to clipboard
seccomp
The main libseccomp repository
Add ops for checking whether arguments are in a specified range, optionally negated and/or with mask: SCMP_CMP_{MASKED_}{NOT_}IN_RANGE. Closes: #94 Signed-off-by: Topi Miettinen
LoongArch is a new instruction set of Loongson 3A5000 CPU, you can read the [documents](https://loongson.github.io/LoongArch-Documentation/README-EN.html) or visit the development [community]( https://github.com/loongson) to get more infomation. Now I porting the libseccomp...
This is intended to fix #383. The basic implementation strategy was: 1. add an SCMP_CMP_32BIT flag that can be bitwise ORed with the existing comparison operators, indicating that a 32-bit...
I'm trying to correctly package libseccomp-static for Mageia as such package doesn't exist amongst the libseccomp related packages. The reason is that the snapd.spec file demands this package in order...
This issue came up while investigating a problem in the seccomp filters generated by snapd using libseccomp. We had a filter set up to allow calling the `copy_file_range` syscall provided...
As system calls are added to the kernel, I feel there is not enough discussion by default of the wide variety of applications that will suddenly gain access to a...
For those scenarios where the built-in filters are not sufficient, provide support for libseccomp users to insert their own hand-crafted BPF filter code. We should support inserting BPF code at...
`seccomp_load()` is the only way of loading seccomp filter into the kernel at the moment. As implementation of `seccomp_load()` is not async-signal safe, calling the function between `fork()` and `exec`...
The feature of addfd[1][2] allows the supervisor to install file descriptors into the intercepted task. By implementing this feature via seccomp the supervisor effectively instructs the supervisee to install a...
See the following systemd issue: * https://github.com/systemd/systemd/issues/4575 The idea with this RFE would be to create a new filter attribute that would allow callers to select if they want the...