Export container/seccomp.NativeRule via hst #15

New Issue

Open

opened 2025-09-29 06:51:57 +09:00 by ophestra · 1 comment

ophestra commented 2025-09-29 06:51:57 +09:00

Owner

Copy Link

The lookup table for syscall names is already present. A JSON adaptor is needed for the NativeRule struct. The seccomp overrides are already removed from hst as part of v0.3.x.

When applying the custom filter, internal/app must ensure it does not reduce protection to the kernel. It might be sufficient to append custom filter rules to generated (preset) rules.

The lookup table for syscall names is already present. A JSON adaptor is needed for the `NativeRule` struct. The seccomp overrides are already removed from `hst` as part of v0.3.x. When applying the custom filter, `internal/app` must ensure it does not reduce protection to the kernel. It might be sufficient to append custom filter rules to generated (preset) rules.

❤️ 1

ophestra added this to the v0.3.0 milestone 2025-09-29 06:52:07 +09:00

cat referenced this issue from a commit 2025-11-05 05:49:04 +09:00

container/seccomp: use native types

cat referenced this issue from a commit 2025-11-05 06:00:45 +09:00

container/std: relocate rule types

ophestra commented 2025-11-06 01:03:21 +09:00

Author

Owner

Copy Link

The underlying seccomp and std package now supports this to the extent of not requiring breaking changes to the exported API. Removing this from v0.3.0 as integrating this into hst will not break API.

The underlying `seccomp` and `std` package now supports this to the extent of not requiring breaking changes to the exported API. Removing this from v0.3.0 as integrating this into `hst` will not break API.

👍 1 🎉 1

ophestra removed this from the v0.3.0 milestone 2025-11-06 01:03:40 +09:00

ophestra added the

Kind

Feature

Priority

Low

Reviewed

Confirmed

Status

Blocked

labels 2025-11-10 01:11:37 +09:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

develop

staging

v0.3.1

v0.3.0

v0.2.2

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

Compat

Breaking

Breaking change that won't be backward compatible

Kind

Bug

Something is not working

Kind

Documentation

Documentation changes

Kind

Enhancement

Improve existing functionality

Kind

Feature

New functionality

Kind

Security

This is security issue

Kind

Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

Kind

Feature

Priority

Low

Reviewed

Confirmed

Status

Blocked

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

cat maemachinebroke noir ophestra

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: security/hakurei#15

No description provided.