mirror of
https://git.kore.io/kore.git
synced 2024-11-16 06:56:33 +01:00
cd9971247c
With this commit all Kore processes (minus the parent) are running under seccomp. The worker processes get the bare minimum allowed syscalls while each module like curl, pgsql, etc will add their own filters to allow what they require. New API functions: int kore_seccomp_filter(const char *name, void *filter, size_t len); Adds a filter into the seccomp system (must be called before seccomp is enabled). New helpful macro: define KORE_SYSCALL_ALLOW(name) Allow the syscall with a given name, should be used in a sock_filter data structure. New hooks: void kore_seccomp_hook(void); Called before seccomp is enabled, allows developers to add their own BPF filters into seccomp.
14 lines
109 B
Plaintext
14 lines
109 B
Plaintext
kore
|
|
*.o
|
|
*.swp
|
|
*.swo
|
|
*.module
|
|
*.DSYM
|
|
cert
|
|
obj
|
|
.lvimrc
|
|
kodev/kodev
|
|
kore.features
|
|
src/version.c
|
|
src/platform.h
|