subconsciouscompute / seccomp-pledge Goto Github PK
View Code? Open in Web Editor NEWseccomp-BPF filtering and pledge/unveil sandboxing for Linux
License: GNU Affero General Public License v3.0
seccomp-pledge's Issues
todo list for completion of seccomp-pledge
Great work on the project and related materials, @DeviousCilantro! ๐ Keep up the good work. We're now going to use this issue to create a checklist of small tasks that still need to be done.
- Run
cargo clippy -- -W clippy::pedanticand apply appropriate changes (you might wanna read all of them as some might cause regression, you can apply them automatically usingcargo clippy --fix -- -W clippy::pedanticbut best to go through them) - Move checks for BIF JIT, dependencies, etc. out of the
fn mainfunction. This way, we can avoid a bit of overhead. Instead, we should ideally have afn check()function that is called through a command line argument, such as-checkor-no_check. - Tests: We can launch commands like
lswith and without restrictions (lsthe project folder) to see if we get the expected output. - Benchmarks: While there may not be a specific need for them, we will include tests in the benchmarking process for the sake of completeness.
- Non-interactive mode: The current program runs in an interactive way, but we should also have a simple one-liner, for example:
./seccomp_pledge -check -v -p 'stdio rpath' lssimilar topledge. - Add more examples in
README
Don't worry about CI and other things, I will update the project with it, along with the skeleton for tests and benchmarks. A few good starting points for you might be:
A few good starting points for you might be:
- writing tests and writing tests for command line
- benchmarking, just throw every test inside
blackbox - Command Line Applications in Rust
Unable to Cross compile seccom-pledge for OpenWrt
Hi,
We are unable to cross-compile the project for OpenWrt. Please let us know what are the architectures it can support. The OpenWrt router we have has MIPS architecture.
- CPU info for OpenWrt router
root@OpenWrt:~# cat /proc/cpuinfo
system type : MediaTek MT7621 ver:1 eco:3
machine : Linksys E5600
processor : 0
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
processor : 2
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 3
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal
vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
- Following errors occurred while we build the project
dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$ cargo build --release --target mips-unknown-linux-musl
Compiling serde v1.0.152
Compiling libc v0.2.139
Compiling serde_json v1.0.91
Compiling itoa v1.0.5
Compiling ryu v1.0.12
Compiling optional-fields-serde-macro v0.1.1
Compiling optional-field v0.1.3
Compiling seccompiler v0.3.0
Compiling seccomp-pledge v0.1.0 (/home/dora/coderepo/openwrt/seccomp-pledge)
error[E0432]: unresolved import `seccompiler::BpfMap`
--> src/main.rs:2:5
|
2 | use seccompiler::BpfMap;
| ^^^^^^^^^^^^^^^^^^^ no `BpfMap` in the root
error[E0433]: failed to resolve: could not find `TargetArch` in `seccompiler`
--> src/main.rs:411:22
|
411 | seccompiler::TargetArch::x86_64,
| ^^^^^^^^^^ could not find `TargetArch` in `seccompiler`
error[E0425]: cannot find function `compile_from_json` in crate `seccompiler`
--> src/main.rs:409:66
|
409 | ...compiler::compile_from_json(
| ^^^^^^^^^^^^^^^^^ not found in `seccompiler`
error[E0425]: cannot find function `apply_filter` in crate `seccompiler`
--> src/main.rs:428:21
|
428 | if seccompiler::apply_filter(filter).is_err() {
| ^^^^^^^^^^^^ not found in `seccompiler`
Some errors have detailed explanations: E0425, E0432, E0433.
For more information about an error, try `rustc --explain E0425`.
error: could not compile `seccomp-pledge` due to 4 previous errors
dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$
You can find the further details here
https://www.notion.so/subcom/Daily-Logs-ef770c7e27f7457f875a198c65a5f604
Please let us know how to solve these errors.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.