maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

fst: include syscall filter configuration

Browse Source 
This value is passed through to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-01-20 21:12:39 +09:00
parent 2cf1f46ea2
commit 27f5922d5c
4 changed files with 31 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/app/start.go
View File

@@ -76,10 +76,11 @@ func (a *app) Run(ctx context.Context, rs *RunState) error {
// send payload
if err = a.shim.Serve(shimSetupCtx, &shim.Payload{
Argv: a.seal.command,
Exec: shimExec,
Bwrap: a.seal.sys.bwrap,
Home: a.seal.sys.user.data,
Argv: a.seal.command,
Exec: shimExec,
Bwrap: a.seal.sys.bwrap,
Home: a.seal.sys.user.data,
Syscall: a.seal.scmp,
Verbose: fmsg.Verbose(),
}); err != nil {