Comments (3)
brauner
commented on June 11, 2024
5
Yeah, it would be good to have this in libseccomp. We currently use this as well in an open-coded version in LXD https://github.com/lxc/lxd/blob/98935b925c0caffc9d4a083c191671d553739313/lxd/seccomp/seccomp.go#L395
it needs a nice API. And note usually this is paired with pidfd_getfd().
from libseccomp.
pcmoore
commented on June 11, 2024
Thanks for the issue, this has been in the back of my mind but I haven't had the chance to work on it yet. Having this as an issue should help a bit. I've gone ahead and added it to the v2.6.0 milestone too.
A quick word of caution if anyone else is looking into implementing this in libseccomp: before you simply copy the lxd code in Christian's reply, please note the license differences between the two projects.
from libseccomp.
brauner
commented on June 11, 2024
The seccomp selftests upstream also have the basic logic in there fwiw.
from libseccomp.
Related Issues (20)
- RFE: add support for comparisons against 32-bit arguments HOT 7
- Q: getting errno 14 and returned error code -13 when adding rule HOT 2
- BUG: libtool warning: '../src/libseccomp.la' has not been installed in '/usr/lib64' when running configure HOT 14
- RFE: add support for SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (Linux 5.19) HOT 1
- Polish bitcoin with my power of the bakers act 1896 they were registering overall rating before 73 HOT 2
- Q: Abstract socket argument filter HOT 10
- Q: manually setting CFLAGS=-fvisibility=hidden does not work HOT 3
- BUG: problems with docker seccomp profiles on ARM HOT 5
- RFE: add SCMP_ACT_DEFAULT rule HOT 3
- Q: request of new minor release with an updated syscall table to support newer kernels HOT 22
- 华 HOT 2
- 一朵玫瑰 HOT 3
- RFE: investigate the new SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP seccomp() flag HOT 1
- Q: new release request HOT 1
- BUG: test 29 is broken on aarch64 HOT 6
- Q: use a whitelist, and notify when the process tries to use a syscall that is not on the whitelist HOT 8
- BUG: Compiler warning in gen_bpf.c HOT 1
- Q: can this library be used for Android HOT 1
- RFE: update the syscall table in the main branch HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libseccomp.