kpcyrd closed 2 months ago
Do you mean like, syscalls(2) syscalls? Then I'm not even sure where to start looking. Mind giving some pointers?
Yes. :) This project implements sandboxing with (among other things) seccomp:
https://github.com/kpcyrd/sniffglue/blob/main/src/sandbox/seccomp.rs
The current filter was built with trial and error over time, but any change in the following may introduce use of a new syscall (because this is (rightfully) not considered semver breaking):
I'm not asking you to do this work; I'm doing some testing right now myself. I'm about to ping a friend on IRC who's very interested in ARM, and in case nobody reports any issues I'm planning to merge and release this. :)
@nc7s I've uploaded tls-parser 0.12.1 to Debian; after that upload goes through I can upload the new sniffglue version.
Thanks! plugwash uploaded sniffglue already so we can wait for buildds to settle it down :>
Updates uzers to 0.12
I'm slightly hesitant because it's very difficult to figure out if there are any new syscalls that need to be allow-listed; feedback/testing very welcome. :)
cc: @nc7s
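One way to test for the allow-list drift discussed in this thread, as an added example that is not part of the PR or of sniffglue's code: parse `strace -f` output from a test run and report syscalls missing from the seccomp allow-list. The allow-list, the trace lines, and the names `syscall_name` and `unlisted` are constructed for illustration.

```rust
use std::collections::BTreeSet;

// Constructed allow-list for illustration; NOT the contents of sniffglue's seccomp.rs.
const ALLOWED: &[&str] = &["read", "write", "close", "futex", "mmap", "exit_group"];

// Constructed `strace -f` output standing in for a trace of an unsandboxed test run.
const TRACE: &str = r#"
1201 read(3, "\26\3\1", 4096) = 3
1201 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0000000000
1202 futex(0x55d0c0, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
1201 getrandom("\x8a\x11", 16, GRND_NONBLOCK) = 16
1202 <... futex resumed>) = 0
1201 statx(AT_FDCWD, "/etc/passwd", AT_STATX_SYNC_AS_STAT, STATX_ALL, 0x7ffd) = 0
1201 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
1201 write(1, "ok\n", 3) = 3
1201 exit_group(0) = ?
1201 +++ exited with 0 +++
"#;

/// Extract the syscall name from one strace line, or None for signal/exit/blank lines.
fn syscall_name(line: &str) -> Option<&str> {
    let mut rest = line.trim_start();
    // Drop the "[pid N] " or "N " prefix that `strace -f` puts in front of each line.
    if let Some(r) = rest.strip_prefix("[pid") {
        rest = r.split_once(']')?.1.trim_start();
    } else if rest.starts_with(|c: char| c.is_ascii_digit()) {
        rest = rest.split_once(' ')?.1.trim_start();
    }
    // "<... futex resumed>) = 0" completes an earlier "<unfinished ...>" call.
    if let Some(r) = rest.strip_prefix("<... ") {
        return r.split_whitespace().next();
    }
    let (name, _) = rest.split_once('(')?;
    let valid = !name.is_empty() && name.chars().all(|c| c.is_ascii_alphanumeric() || c == '_');
    valid.then_some(name)
}

/// Syscalls seen in the trace that the allow-list does not cover, sorted and deduplicated.
fn unlisted<'a>(trace: &'a str, allowed: &[&str]) -> BTreeSet<&'a str> {
    trace.lines().filter_map(syscall_name).filter(|n| !allowed.contains(n)).collect()
}

fn main() {
    for name in unlisted(TRACE, ALLOWED) {
        println!("not in allow-list: {name}");
    }
}
```

A trace only covers the code paths that ran, so an empty result does not prove the allow-list is complete for every architecture or input.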