-
Looks like `syscall_limiter` can't prevent the process it's trying to limit from using `execve` since it needs to use `execve` itself:
```
$ LIMIT_SYSCALLS_DEFAULT_ACTION=a ./result/bin/limit_syscall…
obadz updated
8 years ago
-
```shell
taekkim@DESKTOP-0REN5FP:~/minishell$ ls asdkhaskjdhaskjdhask
ls: cannot access 'asdkhaskjdhaskjdhask': No such file or directory
taekkim@DESKTOP-0REN5FP:~/minishell$ ls -----a
ls: unrecog…
-
The problem tweak I'm using is EQE. Here's the error when I try to launch the app:
```
Jan 13 00:37:42 Alis-iPhone kernel(Sandbox)[0] : SandboxViolation: luajit(371) deny(1) process-exec* /private…
-
rule:
```yaml
- rule: procoess exec
desc: notice process exec
condition: >
(evt.dir=< and evt.type in (execve, execveat) and not proc.exepath in (dyrace) and not proc.cmdline contains "/o…
-
Hi, while doing our work we noticed *probably* a minor bug in Laurel that on some events it generates a json without the EXECVE/PROCTITLE key.
We checked /var/log/audit and filtered based on `msg`, …
-
Hi!
I have added sha256 enrichment to the SYSCALL event if it has an "exe" field. However, it is not possible to compile a laurel file that works on all linux versions (ubuntu, debian, oracle, etc).…
-
### systemd version the issue has been seen with
systemd-253.2-1.fc38
### Used distribution
Fedora 38
### Linux kernel version used
6.2.14-300.fc38.x86_64
### CPU architectures issu…
-
Dear Christian Ledig,
After reading about the performance of the MALP-EM tool I was curious to check the performance myself on my own dataset. I have been using FMRIB FSL for a few years, the segme…
-
Distro packages for strace seem to disable the test suite on riscv64 (see for example [Fedora](http://fedora.riscv.rocks:3000/rpms/strace/src/commit/37fbe25da5896569c05efd0f2b8c4f01010bbe87/strace.spe…
-
As mentioned in https://github.com/start-jsk/rtmros_gazebo/issues/35#issuecomment-42056875, rtmlaunch launches rtcd with execve.
Because of this, environment variables are not taken over to rtcd proc…