Here are a couple of patches related to seccomp,
James Browning
jamesb192 at jamesb192.com
Thu Mar 2 14:26:14 UTC 2023
I wrote and tested these on a bleeding-edge Ubuntu box. I have yet to
try this on other Linux flavors. First is a patch to make the secomp
trap handler on Linux more helpfully verbose. Then a patch that can
incrementally tighten the syscall filter to calls listed in a text
file.
The patch in the previous mail had the arguments backward for the
syscall resolving function
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Attempt-to-make-seccomp-errors-useful-not-Lassie.patch
Type: text/x-patch
Size: 1048 bytes
Desc: not available
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20230302/dae46ae8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Remove-seccomp-code-from-sandbox-parsing-a-fixed-tex.patch
Type: text/x-patch
Size: 14994 bytes
Desc: not available
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20230302/dae46ae8/attachment-0001.bin>
More information about the devel
mailing list