1
0
mirror of https://git.kore.io/kore.git synced 2024-11-16 06:56:33 +01:00
kore/.gitignore
Joris Vink cd9971247c Add seccomp syscall filtering to kore.
With this commit all Kore processes (minus the parent) are running
under seccomp.

The worker processes get the bare minimum allowed syscalls while each module
like curl, pgsql, etc will add their own filters to allow what they require.

New API functions:
    int kore_seccomp_filter(const char *name, void *filter, size_t len);

    Adds a filter into the seccomp system (must be called before
    seccomp is enabled).

New helpful macro:
    define KORE_SYSCALL_ALLOW(name)

    Allow the syscall with a given name, should be used in
    a sock_filter data structure.

New hooks:
    void kore_seccomp_hook(void);

    Called before seccomp is enabled, allows developers to add their
    own BPF filters into seccomp.
2019-09-25 14:31:20 +02:00

14 lines
109 B
Plaintext

kore
*.o
*.swp
*.swo
*.module
*.DSYM
cert
obj
.lvimrc
kodev/kodev
kore.features
src/version.c
src/platform.h