Cristian Toader
8f9d3da194
Investigated access4 syscall problem, small changes to filter.
2013-07-26 19:53:05 +03:00
Cristian Toader
626a2b23de
integrated context for dynamic filters
2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639
initia stages of runtime dynamic filters
2013-07-25 13:25:20 +03:00
Cristian Toader
abe082e7d0
dynamic parameter filter bug fixes
2013-07-24 17:15:57 +03:00
Cristian Toader
962d814e52
dynamic parameter filter (prototype, not tested)
2013-07-24 17:06:06 +03:00
Cristian Toader
e1410f20d7
added support for multiple parameters
2013-07-23 14:22:31 +03:00
Cristian Toader
c15d09293b
added experimental support for open syscall path param
2013-07-23 14:01:53 +03:00
Cristian Toader
8b12170f23
added support for numeric parameters, tested with rt_sigaction
2013-07-23 10:49:56 +03:00
Cristian Toader
7cf1dbfd51
changed paramfilter type to intptr_t
2013-07-23 10:14:25 +03:00
Cristian Toader
8dfa5772e7
(undo) git test..
2013-07-18 18:28:55 +03:00
Cristian Toader
b0725c964b
git test..
2013-07-18 18:28:10 +03:00
Cristian Toader
e7e2efb717
Added getter for protected parameter
2013-07-18 18:21:37 +03:00
Cristian Toader
673349c42e
Repair of some of the lost parameter filters history
2013-07-18 18:03:10 +03:00
Nick Mathewson
85178e2e93
Use format_hex_number_sigsafe to format syscalls in sandbox.c
...
This way, we don't have to use snprintf, which is not guaranteed to
be signal-safe.
(Technically speaking, strlen() and strlcpy() are not guaranteed to
be signal-safe by the POSIX standard. But I claim that they are on
every platform that supports libseccomp2, which is what matters
here.)
2013-07-15 13:07:09 -04:00
Roger Dingledine
6848e29307
cosmetic cleanups
2013-07-14 02:49:34 -04:00
Cristian Toader
f9c1ba6493
Add a basic seccomp2 syscall filter on Linux
...
It's controlled by the new Sandbox argument. Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00