maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

sandbox: expose seccomp interface

Browse Source 
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-07-02 04:38:28 +09:00
parent a6887f7253
commit 31aef905fa
12 changed files with 117 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sandbox/ops.go
View File

@@ -205,7 +205,7 @@ func (d MountDevOp) apply(params *Params) error {
fmt.Sprintf("cannot mount devpts on %q:", devPtsPath))
}
if params.Flags&FAllowTTY != 0 {
if params.RetainSession {
var buf [8]byte
if _, _, errno := Syscall(SYS_IOCTL, 1, TIOCGWINSZ, uintptr(unsafe.Pointer(&buf[0]))); errno == 0 {
consolePath := toSysroot(path.Join(v, "console"))