mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
kore/src
History
Joris Vink 296fe7a6d4 seccomp improvements. 
More BPF helper macros, more helper for granular syscall checking.
Use these throughout kore where it makes sense.

The new helpers:

- KORE_SYSCALL_DENY_ARG(name, arg, value, errno):
	Deny the system call with errno if the argument matches value.

- KORE_SYSCALL_DENY_MASK(name, arg, mask, errno):
	Deny the system call with errno if the mask argument does not match
	the exact mask given.

- KORE_SYSCALL_DENY_WITH_FLAG(name, arg, flag, errno):
	Deny the system call with errno if the argument contains the
	given flag.

The reverse also exists:

- KORE_SYSCALL_ALLOW_ARG()
- KORE_SYSCALL_ALLOW_MASK()
- KORE_SYSCALL_ALLOW_WITH_FLAG()
 		2019-09-26 13:51:53 +02:00
..
accesslog.c Set req->agent to "-" if it is NULL, as do other major HTTP servers. 2019-06-09 21:36:12 +02:00
auth.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
bsd.c Add seccomp syscall filtering to kore. 2019-09-25 14:31:20 +02:00
buf.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
cli.c allow python modules to set progname. 2019-09-04 20:37:33 +02:00
config.c Add asynchronous libcurl support. 2019-04-24 00:15:17 +02:00
connection.c remove debug 2019-04-11 20:54:29 +02:00
curl.c seccomp improvements. 2019-09-26 13:51:53 +02:00
domain.c move libressl support to minimum 3.3.0. 2019-09-25 15:39:39 +02:00
filemap.c bump copyright to 2019 2019-02-22 16:57:28 +01:00
fileref.c make sure stdint.h is always included. 2019-03-29 19:25:27 +01:00
http.c http_argument_decode() can fail. 2019-08-02 11:34:45 +02:00
jsonrpc.c JSONRPC Updated to last kore_buf* commit 2016-07-15 13:17:30 +02:00
keymgr.c add 2 more missing syscalls for musl to keymgr. 2019-09-26 10:20:30 +02:00
kore.c Add seccomp syscall filtering to kore. 2019-09-25 14:31:20 +02:00
linux.c Add seccomp syscall filtering to kore. 2019-09-25 14:31:20 +02:00
mem.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
module.c get rid of mtime in modules. 2019-06-09 23:24:53 +02:00
msg.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
net.c swap sockets to use send/recv and update seccomp. 2019-09-26 09:53:51 +02:00
pgsql.c seccomp improvements. 2019-09-26 13:51:53 +02:00
pool.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
python.c Add seccomp syscall filtering to kore. 2019-09-25 14:31:20 +02:00
runtime.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
seccomp.c seccomp improvements. 2019-09-26 13:51:53 +02:00
tasks.c swap sockets to use send/recv and update seccomp. 2019-09-26 09:53:51 +02:00
timer.c rework timers so they fire more predictably. 2019-03-21 10:17:08 +01:00
utils.c Add asynchronous libcurl support. 2019-04-24 00:15:17 +02:00
validator.c explicitly include sys/types.h 2019-03-06 09:29:46 +01:00
websocket.c http_timeout must be 0 when upgrading to websockets 2019-05-05 14:47:04 +02:00
worker.c properly seccomp keymgr 2019-09-25 14:41:09 +02:00