libseccomp
The main libseccomp repository
Please add support for checking (preferably multiple and masked) range(s) of values. For example in systemd (https://github.com/systemd/systemd/pull/6256) we'd like to construct a filter which only allows `personality(2)` with following use...
Hi, I have a usage of libseccomp that involves a 64-bit process setting up a filter for and then launching a 32-bit process, with `SCMP_ACT_TRACE` and using `ptrace` for syscall...
While the libseccomp devs understand the purpose and motivation behind the pseudo-syscalls, they may seem like an odd concept to users of the library. We should do a better job...
When building software on top of libseccomp sometimes we are stuck with an older version of libseccomp. When someone e.g. runs with RHEL or an Ubuntu LTS the syscall table is...
> The seccomp_syscall_resolve_name(), seccomp_syscall_resolve_name_arch(), and seccomp_syscall_resolve_name_rewrite() functions resolve the commonly used syscall name to the syscall number used by the kernel and the rest of the libseccomp API I've been...
Are there any plans to support pledge from OpenBSD? I imagine it would be easy to implement a simple wrapper that allows using pledge as a kind of alias...
We have some basic tooling to generate (tests/testgen) and compare (tests/testdiff) BPF output from multiple test runs, we should investigate adding known good BPF output from the tests to the...
The SCMP_FLTATR_CTL_WAITKILL attribute requests that the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the seccomp(2) system call when possible, which is currently only when the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set. Resolves #387
Linux 5.19 introduced a new seccomp flag: SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV https://github.com/torvalds/linux/commit/c2aa2dfef243 I would like to use it to handle notification from Golang programs which are often preempted by the runtime with SIGURG....