maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

sandbox/seccomp: resolve rules natively

Browse Source 
This enables loading syscall filter policies from external cross-platform config files.

This also removes a significant amount of C code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-07-01 20:23:33 +09:00
parent 1fb453dffe
commit 1a8840bebc
27 changed files with 709 additions and 619 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/planterette/app.go
View File

@@ -115,10 +115,10 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool
},
}
if app.Multiarch {
config.Container.Seccomp |= seccomp.FilterMultiarch
config.Container.SeccompFlags |= seccomp.AllowMultiarch
}
if app.Bluetooth {
config.Container.Seccomp |= seccomp.FilterBluetooth
config.Container.SeccompFlags |= seccomp.AllowBluetooth
}
return config
}