GIT.Harvie.CZ / mirrors / Programs.git / commitdiff
parent: 06d21dc
SECCOMP docs
author Tomas Mudrunka <tomas@mudrunka.cz> Mon, 10 Feb 2014 21:59:08 +0000 (22:59 +0100)
committer Tomas Mudrunka <tomas@mudrunka.cz> Mon, 10 Feb 2014 21:59:08 +0000 (22:59 +0100)
c/seccomp.c
diff --git
a/c/seccomp.c
b/c/seccomp.c
index 0b740f32f7225f91d7d8511364fe17d6cd9060f5..527daea30c9dac9c946b5810e96b8c8bae232b43 100644
(file)
--- a/
c/seccomp.c
+++ b/
c/seccomp.c
@@
-1,6
+1,13
@@
-/* seccomp.c
+/*
+ * seccomp.c (Harvie 2o14)
*
* This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
*
* This demonstrates how to use SECCOMP_MODE_STRICT to sandbox code on Linux.
+ * You need kernel compiled with CONFIG_SECCOMP=y.
+ * This prohibits everything except read(2), write(2), _exit(2), and sigreturn(2).
+ * Trying to use other syscalls will result in SIGKILL.
+ * If you need to enable more syscalls you can use SECCOMP_MODE_FILTER instead.
+ * See man 2 prctl for more...
+ *
*/
#include <string.h>
*/
#include <string.h>
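Review bot: The added line "This prohibits everything except read(2), write(2), _exit(2), and sigreturn(2)." should state that _exit(2) here means the raw exit syscall and not exit_group(2), which prctl(2) explicitly excludes from strict mode. glibc's exit(), its _exit() wrapper and a plain return from main() all end in exit_group(2), so a reader who follows this comment and exits the usual way gets the SIGKILL described on the next line; suggest adding something like "(use syscall(SYS_exit, ...) to terminate)". The SECCOMP_MODE_FILTER pointer would also be more useful if it mentioned that filter mode needs CONFIG_SECCOMP_FILTER=y in addition to CONFIG_SECCOMP=y, and that an unprivileged caller must set no_new_privs first. Minor wording: "You need kernel compiled" reads better as "You need a kernel compiled", and "2o14" in the header line uses a letter o where a digit looks intended.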