ldd: enable syscall filter

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 02:00:49 +09:00 · 2025-01-22 02:00:49 +09:00 · 5a64cdaf4f
commit 5a64cdaf4f
parent a30f5e1226
1 changed files with 1 additions and 0 deletions
--- a/ldd/exec.go
+++ b/ldd/exec.go
@ -20,6 +20,7 @@ func Exec(p string) ([]*Entry, error) {
 		(&bwrap.Config{
 			Hostname:      "fortify-ldd",
 			Chdir:         "/",
+			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
 			NewSession:    true,
 			DieWithParent: true,
 		}).Bind("/", "/").DevTmpfs("/dev"), "ldd",