From 5a64cdaf4fedf4cc12f4574f07e1376e907aa7d8 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Wed, 22 Jan 2025 02:00:49 +0900
Subject: [PATCH] ldd: enable syscall filter

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 ldd/exec.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ldd/exec.go b/ldd/exec.go
index 23c4e89..47e20a8 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -20,6 +20,7 @@ func Exec(p string) ([]*Entry, error) {
 		(&bwrap.Config{
 			Hostname:      "fortify-ldd",
 			Chdir:         "/",
+			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
 			NewSession:    true,
 			DieWithParent: true,
 		}).Bind("/", "/").DevTmpfs("/dev"), "ldd",