Cristian Toader
|
71612f00ae
|
fixed openssl open syscall, fixed sandbox_getaddrinfo
|
2013-08-20 13:10:07 +03:00 |
|
Cristian Toader
|
36aeca0ecf
|
fix for getaddrinfo open syscall
|
2013-08-19 13:56:50 +03:00 |
|
Cristian Toader
|
a9910d89f1
|
finalised fix on libevent open string issue
|
2013-08-19 11:41:46 +03:00 |
|
Cristian Toader
|
c09b11b6d8
|
updated filters
|
2013-08-16 01:43:09 +03:00 |
|
Cristian Toader
|
863dd4d4b3
|
received feedback and fixed (partly) the socket filters
|
2013-08-15 00:23:51 +03:00 |
|
Cristian Toader
|
372e0f91fd
|
added comments for sandbox.h
|
2013-08-15 00:09:07 +03:00 |
|
Cristian Toader
|
e2a7b484f4
|
partial libevent open fix
|
2013-08-14 23:03:38 +03:00 |
|
Cristian Toader
|
8a85a48b9d
|
attempt to add stat64 filename filters; failed due to getaddrinfo..
|
2013-08-12 21:14:43 +03:00 |
|
Cristian Toader
|
44a4464cf6
|
fixed memory leak, added array filter support
|
2013-08-10 18:04:48 +03:00 |
|
Cristian Toader
|
89b39db003
|
updated filters to work with orport
|
2013-08-09 19:07:20 +03:00 |
|
Cristian Toader
|
b3a8c08a92
|
orport progress (not functional), nickm suggested fixes
|
2013-08-07 13:13:12 +03:00 |
|
Cristian Toader
|
356b646976
|
added execve and multi-configuration support
|
2013-08-05 15:40:23 +03:00 |
|
Cristian Toader
|
d897690fc7
|
fixes suggested by nickm
|
2013-08-05 14:17:46 +03:00 |
|
Cristian Toader
|
dde3ed385b
|
removed access, set_robust_list, set_thread_area, set_tid_address, uname; added sb_poll
|
2013-07-31 12:05:10 +03:00 |
|
Cristian Toader
|
313cbe6e24
|
sigprocmask, epoll_ctl, prctl, mprotect, flock, futex, mremap
|
2013-07-31 11:35:25 +03:00 |
|
Cristian Toader
|
f0840ed4c9
|
epoll_ctl
|
2013-07-31 00:27:14 +03:00 |
|
Cristian Toader
|
5fc0e13db8
|
fcntl64
|
2013-07-30 23:52:54 +03:00 |
|
Cristian Toader
|
686cf4c0ff
|
clean stable version
|
2013-07-30 23:43:42 +03:00 |
|
Cristian Toader
|
c1f5f1842e
|
fully switched to function pointers; problems with socketcall parameters
|
2013-07-30 23:20:08 +03:00 |
|
Cristian Toader
|
442f256f25
|
switched to a design using filters as function pointer arrays
|
2013-07-30 21:23:30 +03:00 |
|
Cristian Toader
|
5baea85189
|
removed open flags (postponed), added mmap2 flags
|
2013-07-30 19:37:28 +03:00 |
|
Cristian Toader
|
871e5b35a8
|
small filter changes; openat as separate function
|
2013-07-30 19:25:56 +03:00 |
|
Cristian Toader
|
8022def6f0
|
added openat parameter filter
|
2013-07-29 16:30:39 +03:00 |
|
Cristian Toader
|
6d5b0367f6
|
Changes as suggested by nickm
- char* to const char* and name refactoring
- workaround for accept4 syscall
|
2013-07-29 14:46:47 +03:00 |
|
Cristian Toader
|
8f9d3da194
|
Investigated access4 syscall problem, small changes to filter.
|
2013-07-26 19:53:05 +03:00 |
|
Cristian Toader
|
626a2b23de
|
integrated context for dynamic filters
|
2013-07-25 14:08:02 +03:00 |
|
Cristian Toader
|
3dfe1c0639
|
initia stages of runtime dynamic filters
|
2013-07-25 13:25:20 +03:00 |
|
Cristian Toader
|
abe082e7d0
|
dynamic parameter filter bug fixes
|
2013-07-24 17:15:57 +03:00 |
|
Cristian Toader
|
962d814e52
|
dynamic parameter filter (prototype, not tested)
|
2013-07-24 17:06:06 +03:00 |
|
Cristian Toader
|
e1410f20d7
|
added support for multiple parameters
|
2013-07-23 14:22:31 +03:00 |
|
Cristian Toader
|
c15d09293b
|
added experimental support for open syscall path param
|
2013-07-23 14:01:53 +03:00 |
|
Cristian Toader
|
8b12170f23
|
added support for numeric parameters, tested with rt_sigaction
|
2013-07-23 10:49:56 +03:00 |
|
Cristian Toader
|
7cf1dbfd51
|
changed paramfilter type to intptr_t
|
2013-07-23 10:14:25 +03:00 |
|
Cristian Toader
|
8dfa5772e7
|
(undo) git test..
|
2013-07-18 18:28:55 +03:00 |
|
Cristian Toader
|
b0725c964b
|
git test..
|
2013-07-18 18:28:10 +03:00 |
|
Cristian Toader
|
e7e2efb717
|
Added getter for protected parameter
|
2013-07-18 18:21:37 +03:00 |
|
Cristian Toader
|
673349c42e
|
Repair of some of the lost parameter filters history
|
2013-07-18 18:03:10 +03:00 |
|
Roger Dingledine
|
6848e29307
|
cosmetic cleanups
|
2013-07-14 02:49:34 -04:00 |
|
Cristian Toader
|
f9c1ba6493
|
Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument. Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
|
2013-07-11 09:13:13 -04:00 |
|