fortify/helper/bwrap/seccomp-export.h
Ophestra 37780456a7
helper: block more unusual/privileged syscalls
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:35:47 +09:00

23 lines
625 B
C

#include <stdint.h>
#include <seccomp.h>
/*
 * Build-time gate: refuse to compile against libseccomp headers older than
 * 2.5.1. The three clauses compare the SCMP_VER_MAJOR / SCMP_VER_MINOR /
 * SCMP_VER_MICRO macros from <seccomp.h> in order of significance.
 *
 * NOTE(review): this only checks the headers seen at compile time. It says
 * nothing about the shared library that is loaded at run time; if that
 * matters for the filter being generated, a runtime comparison (libseccomp
 * provides seccomp_version()) would have to live in the implementation.
 */
#if (SCMP_VER_MAJOR < 2) || \
(SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5) || \
(SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 5 && SCMP_VER_MICRO < 1)
#error This package requires libseccomp >= v2.5.1
#endif
/*
 * Option bits for the opts parameter of f_export_bpf(). Each constant
 * occupies its own bit, so values are combined with bitwise OR and tested
 * with bitwise AND.
 *
 * NOTE(review): this header does not show what each bit does to the
 * generated filter. The F_DENY_* names read as restrictions, while
 * F_MULTIARCH, F_LINUX32, F_CAN and F_BLUETOOTH carry no such prefix;
 * whether setting one of those tightens or relaxes the policy must be
 * confirmed in the implementation before relying on it, because a wrong
 * assumption about polarity silently weakens the sandbox.
 */
typedef enum {
    /* bit 0 - NOTE(review): per the commit description, toggles the extra
     * blocks for unusual/privileged syscalls (SyscallPolicy.Compat on the
     * Go side); confirm in the implementation. */
    F_EXT        = 0x01,
    F_DENY_NS    = 0x02, /* bit 1 */
    F_DENY_TTY   = 0x04, /* bit 2 */
    F_DENY_DEVEL = 0x08, /* bit 3 */
    F_MULTIARCH  = 0x10, /* bit 4 */
    F_LINUX32    = 0x20, /* bit 5 */
    F_CAN        = 0x40, /* bit 6 */
    F_BLUETOOTH  = 0x80, /* bit 7 */
} f_syscall_opts;
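/*
 * Takes a C string and returns nothing; declared extern, so the definition
 * lives outside this header.
 *
 * NOTE(review): the parameter is left as a non-const char * on purpose. The
 * definition is not visible here, and the declaration must keep matching it
 * exactly (presumably it is provided from the Go side - confirm).
 */
extern void F_println(char *v);

/*
 * Returns an int; by its name, a file descriptor for a temporary file.
 *
 * The parameter list is spelled (void) so this is a real prototype and the
 * compiler rejects calls that pass arguments. An empty list "()" leaves the
 * arguments unchecked in C before C23.
 *
 * NOTE(review): ownership of the returned descriptor and the failure value
 * are not visible in this header - confirm against the implementation.
 */
int f_tmpfile_fd(void);

/*
 * Entry point taking a target descriptor, two architecture values and a set
 * of f_syscall_opts bits; returns an int32_t status.
 *
 * fd        descriptor handed to the exporter (presumably where the BPF
 *           program is written - confirm)
 * arch      primary architecture value
 * multiarch secondary architecture value
 * opts      bitwise OR of f_syscall_opts constants
 *
 * NOTE(review): the meaning of the return value is not shown here. Callers
 * should check it and refuse to start the sandboxed process when the export
 * did not succeed, rather than continuing without a filter.
 */
int32_t f_export_bpf(int fd, uint32_t arch, uint32_t multiarch, f_syscall_opts opts);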