subconsciouscompute / seccomp-pledge
seccomp-BPF filtering and pledge/unveil sandboxing for Linux
License: GNU Affero General Public License v3.0
Great work on the project and related materials, @DeviousCilantro! Keep up the good work. We're now going to use this issue to create a checklist of small tasks that still need to be done.
- `cargo clippy -- -W clippy::pedantic` and apply appropriate changes (you might wanna read all of them as some might cause regression, you can apply them automatically using `cargo clippy --fix -- -W clippy::pedantic` but best to go through them)
- `fn main` function. This way, we can avoid a bit of overhead. Instead, we should ideally have a `fn check()` function that is called through a command line argument, such as `-check` or `-no_check`.
- `ls` with and without restrictions (`ls` the project folder) to see if we get the expected output.
- `./seccomp_pledge -check -v -p 'stdio rpath' ls` similar to `pledge`.
- `README`

Don't worry about `CI` and other things, I will update the project with it, along with the skeleton for tests and benchmarks. A few good starting points for you might be:

- blackbox
Hi,
We are unable to cross-compile the project for OpenWrt. Please let us know which architectures it can support. The OpenWrt router we have has a MIPS architecture.
```
root@OpenWrt:~# cat /proc/cpuinfo
system type : MediaTek MT7621 ver:1 eco:3
machine : Linksys E5600
processor : 0
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
processor : 2
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 3
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
```
```
dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$ cargo build --release --target mips-unknown-linux-musl
   Compiling serde v1.0.152
   Compiling libc v0.2.139
   Compiling serde_json v1.0.91
   Compiling itoa v1.0.5
   Compiling ryu v1.0.12
   Compiling optional-fields-serde-macro v0.1.1
   Compiling optional-field v0.1.3
   Compiling seccompiler v0.3.0
   Compiling seccomp-pledge v0.1.0 (/home/dora/coderepo/openwrt/seccomp-pledge)
error[E0432]: unresolved import `seccompiler::BpfMap`
 --> src/main.rs:2:5
  |
2 | use seccompiler::BpfMap;
  |     ^^^^^^^^^^^^^^^^^^^ no `BpfMap` in the root

error[E0433]: failed to resolve: could not find `TargetArch` in `seccompiler`
   --> src/main.rs:411:22
    |
411 |         seccompiler::TargetArch::x86_64,
    |                      ^^^^^^^^^^ could not find `TargetArch` in `seccompiler`

error[E0425]: cannot find function `compile_from_json` in crate `seccompiler`
   --> src/main.rs:409:66
    |
409 | ...compiler::compile_from_json(
    |              ^^^^^^^^^^^^^^^^^ not found in `seccompiler`

error[E0425]: cannot find function `apply_filter` in crate `seccompiler`
   --> src/main.rs:428:21
    |
428 |     if seccompiler::apply_filter(filter).is_err() {
    |                     ^^^^^^^^^^^^ not found in `seccompiler`

Some errors have detailed explanations: E0425, E0432, E0433.
For more information about an error, try `rustc --explain E0425`.
error: could not compile `seccomp-pledge` due to 4 previous errors
dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$
```
You can find further details here:
https://www.notion.so/subcom/Daily-Logs-ef770c7e27f7457f875a198c65a5f604
Please let us know how to solve these errors.