OpenBSD's "pledge" interface could be implemented by libseccomp on Linux https://outflux.net/blog/archives/2015/11/11/evolution-of-seccomp/ …
-
-
@kees_cook@securepaul There's a simple MIT-licensed auto-learning implementation in https://github.com/thestinger/playpen …. Doesn't trace children yet. -
@CopperheadSec@kees_cook Thanks, auto-learn functionality is on my wishlist. Interested in working on merge into libseccomp? -
@securepaul@kees_cook Yes, definitely. Need to teach it to trace children of the traced child though. Had trouble making it robust. -
@CopperheadSec@kees_cook Great! The API might be tricky, but we'll figure it out. Also need to make sure it works the same on all arches. -
@securepaul@CopperheadSec https://github.com/dimkr/libwaive Oh look, already written. :P
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.