libseccomp
libseccomp copied to clipboard
seccomp
The main libseccomp repository
Add the regression tests (1-60) for the libseccomp crate that is Rust language bindings for the libseccomp library. You can run the tests as follows: ```sh $ sed -i "/^AC_INIT/...
https://github.com/seccomp/libseccomp/blob/main/src/syscalls.csv only supports kernel up to v6.2.0, while https://github.com/seccomp/libseccomp/blob/v2.5.5/src/syscalls.csv supports v6.7.0-rc3
This restores test suite on Clang 17.
The kernel returns EINVAL when this flag is passed to seccomp without the new listener flag so we should pass this flag along as well. Reference on where the check...
Q: use a whitelist, and notify when the process tries to use a syscall that is not on the whitelist
Hi, I was trying to develop a sandbox application where processes start with the bare minimum allowed syscalls to operate (`read`, `write`, `exit`, `sigreturn`) and then when they try to...
It appears that commit 1852fe3d772914d848907f9d0656747776ed3f98 uncovered an issue on aarch64: ``` % ./regression -m c -T bpf-sim -b 29-sim-pseudo_syscall =============== Mon Oct 23 04:51:37 PM EDT 2023 =============== Regression Test...
``` gen_bpf.c: In function '_gen_bpf_build_bpf': gen_bpf.c:2077:21: warning: storing the address of local variable 'pseudo_arch' in '*state.arch' [-Wdangling-pointer=] 2077 | state->arch = &pseudo_arch; | ~~~~~~~~~~~~^~~~~~~~~~~~~~ gen_bpf.c:1999:25: note: 'pseudo_arch' declared here 1999...
This PR contains two patches, the first fixes an existing problem with transaction management and the second adds a new transaction API to libseccomp. @drakenclimber when you have the chance...
Linux v6.6 is expected to add support for a new `seccomp()` flag, `SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP`. Investigate what we need to do for libseccomp. My initial thought is that as this really only...