security/hakurei
security/hakurei
5
2
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

container/syscall: doc comments from manpages
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m10s
Details
Test / Hakurei (push) Successful in 3m9s
Details
Test / Hpkg (push) Successful in 4m0s
Details
Test / Sandbox (race detector) (push) Successful in 4m24s
Details
Test / Hakurei (race detector) (push) Successful in 4m58s
Details
Test / Flake checks (push) Successful in 1m25s
Details

Browse Source 
These are pulled straight from the manpages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-08-21 00:33:46 +09:00
parent 5d8a2199b6
commit 5b73316ae0
Signed by: cat
SSH Key Fingerprint: SHA256:wr6yH7sDDbUFi81k/GsIGwpM3O2QrwqYlLF26CcJa4w
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
container/syscall.go
View File

@ -4,11 +4,7 @@ import (
"syscall" "syscall"
) )
const ( // SetPtracer allows processes to ptrace(2) the calling process.
SUID_DUMP_DISABLE = iota
SUID_DUMP_USER
)
func SetPtracer(pid uintptr) error { func SetPtracer(pid uintptr) error {
_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PTRACER, pid, 0) _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PTRACER, pid, 0)
if errno == 0 { if errno == 0 {
@ -17,6 +13,12 @@ func SetPtracer(pid uintptr) error {
return errno return errno
} }
const (
SUID_DUMP_DISABLE = iota
SUID_DUMP_USER
)
// SetDumpable sets the "dumpable" attribute of the calling process.
func SetDumpable(dumpable uintptr) error { func SetDumpable(dumpable uintptr) error {
// linux/sched/coredump.h // linux/sched/coredump.h
if _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, dumpable, 0); errno != 0 { if _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, dumpable, 0); errno != 0 {
@ -26,6 +28,7 @@ func SetDumpable(dumpable uintptr) error {
return nil return nil
} }
// SetNoNewPrivs sets the calling thread's no_new_privs attribute.
func SetNoNewPrivs() error { func SetNoNewPrivs() error {
_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0) _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0)
if errno == 0 { if errno == 0 {