-rw-r--r-- | README.md | 119 | ||||
-rw-r--r-- | RELNOTES | 18 | ||||
-rw-r--r-- | etc/mpv.profile | 1 | ||||
-rw-r--r-- | etc/vlc.profile | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 154 |
5 files changed, 264 insertions, 29 deletions
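--- a/README.md
+++ b/README.md
@@ -98,6 +98,125 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 `````
 # Current development version: 0.9.53
 
+## Seccomp development
+
+Replaced the our seccomp disassembler with a real disassembler lifted from
+libseccomp (GPLv2, Paul Moore, Red Hat). The code is in src/fsec-print directory.
+`````
+$ firejail --seccomp.print=browser
+line OP JT JF K
+=================================
+0000: 20 00 00 00000004 ld data.architecture
+0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
+0002: 06 00 00 7fff0000 ret ALLOW
+0003: 20 00 00 00000000 ld data.syscall-number
+0004: 35 01 00 40000000 jge X32_ABI true:0006 (false 0005)
+0005: 35 01 00 00000000 jge read 0007 (false 0006)
+0006: 06 00 00 00050001 ret ERRNO(1)
+0007: 15 41 00 0000009a jeq modify_ldt 0049 (false 0008)
+0008: 15 40 00 000000d4 jeq lookup_dcookie 0049 (false 0009)
+0009: 15 3f 00 0000012a jeq perf_event_open 0049 (false 000a)
+000a: 15 3e 00 00000137 jeq process_vm_writev 0049 (false 000b)
+000b: 15 3d 00 0000009c jeq _sysctl 0049 (false 000c)
+000c: 15 3c 00 000000b7 jeq afs_syscall 0049 (false 000d)
+000d: 15 3b 00 000000ae jeq create_module 0049 (false 000e)
+000e: 15 3a 00 000000b1 jeq get_kernel_syms 0049 (false 000f)
+000f: 15 39 00 000000b5 jeq getpmsg 0049 (false 0010)
+0010: 15 38 00 000000b6 jeq putpmsg 0049 (false 0011)
+0011: 15 37 00 000000b2 jeq query_module 0049 (false 0012)
+0012: 15 36 00 000000b9 jeq security 0049 (false 0013)
+0013: 15 35 00 0000008b jeq sysfs 0049 (false 0014)
+0014: 15 34 00 000000b8 jeq tuxcall 0049 (false 0015)
+0015: 15 33 00 00000086 jeq uselib 0049 (false 0016)
+0016: 15 32 00 00000088 jeq ustat 0049 (false 0017)
+0017: 15 31 00 000000ec jeq vserver 0049 (false 0018)
+0018: 15 30 00 0000009f jeq adjtimex 0049 (false 0019)
+0019: 15 2f 00 00000131 jeq clock_adjtime 0049 (false 001a)
+001a: 15 2e 00 000000e3 jeq clock_settime 0049 (false 001b)
+001b: 15 2d 00 000000a4 jeq settimeofday 0049 (false 001c)
+001c: 15 2c 00 000000b0 jeq delete_module 0049 (false 001d)
+001d: 15 2b 00 00000139 jeq finit_module 0049 (false 001e)
+001e: 15 2a 00 000000af jeq init_module 0049 (false 001f)
+001f: 15 29 00 000000ad jeq ioperm 0049 (false 0020)
+0020: 15 28 00 000000ac jeq iopl 0049 (false 0021)
+0021: 15 27 00 000000f6 jeq kexec_load 0049 (false 0022)
+0022: 15 26 00 00000140 jeq kexec_file_load 0049 (false 0023)
+0023: 15 25 00 000000a9 jeq reboot 0049 (false 0024)
+0024: 15 24 00 000000a7 jeq swapon 0049 (false 0025)
+0025: 15 23 00 000000a8 jeq swapoff 0049 (false 0026)
+0026: 15 22 00 000000a3 jeq acct 0049 (false 0027)
+0027: 15 21 00 00000141 jeq bpf 0049 (false 0028)
+0028: 15 20 00 000000a1 jeq chroot 0049 (false 0029)
+0029: 15 1f 00 000000a5 jeq mount 0049 (false 002a)
+002a: 15 1e 00 000000b4 jeq nfsservctl 0049 (false 002b)
+002b: 15 1d 00 0000009b jeq pivot_root 0049 (false 002c)
+002c: 15 1c 00 000000ab jeq setdomainname 0049 (false 002d)
+002d: 15 1b 00 000000aa jeq sethostname 0049 (false 002e)
+002e: 15 1a 00 000000a6 jeq umount2 0049 (false 002f)
+002f: 15 19 00 00000099 jeq vhangup 0049 (false 0030)
+0030: 15 18 00 000000ee jeq set_mempolicy 0049 (false 0031)
+0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032)
+0032: 15 16 00 00000117 jeq move_pages 0049 (false 0033)
+0033: 15 15 00 000000ed jeq mbind 0049 (false 0034)
+0034: 15 14 00 00000130 jeq open_by_handle_at 0049 (false 0035)
+0035: 15 13 00 0000012f jeq name_to_handle_at 0049 (false 0036)
+0036: 15 12 00 000000fb jeq ioprio_set 0049 (false 0037)
+0037: 15 11 00 00000067 jeq syslog 0049 (false 0038)
+0038: 15 10 00 0000012c jeq fanotify_init 0049 (false 0039)
+0039: 15 0f 00 00000138 jeq kcmp 0049 (false 003a)
+003a: 15 0e 00 000000f8 jeq add_key 0049 (false 003b)
+003b: 15 0d 00 000000f9 jeq request_key 0049 (false 003c)
+003c: 15 0c 00 000000fa jeq keyctl 0049 (false 003d)
+003d: 15 0b 00 000000ce jeq io_setup 0049 (false 003e)
+003e: 15 0a 00 000000cf jeq io_destroy 0049 (false 003f)
+003f: 15 09 00 000000d0 jeq io_getevents 0049 (false 0040)
+0040: 15 08 00 000000d1 jeq io_submit 0049 (false 0041)
+0041: 15 07 00 000000d2 jeq io_cancel 0049 (false 0042)
+0042: 15 06 00 000000d8 jeq remap_file_pages 0049 (false 0043)
+0043: 15 05 00 00000116 jeq vmsplice 0049 (false 0044)
+0044: 15 04 00 00000087 jeq personality 0049 (false 0045)
+0045: 15 03 00 00000143 jeq userfaultfd 0049 (false 0046)
+0046: 15 02 00 00000065 jeq ptrace 0049 (false 0047)
+0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048)
+0048: 06 00 00 7fff0000 ret ALLOW
+0049: 06 00 01 00000000 ret KILL
+`````
+We are also introducing a seccomp optimizer, to be run directly on seccomp machine code
+filters produced by Firejail. The code is in src/fsec-optimize. Currently only the default seccomp
+filters built at compile time are run trough the optimizer. It will be extended and applied at run
+time on all filters.
+
+
+## AppArmor development
+
+AppArmor features are supported on overlayfs and chroot sandboxes.
+
+We are in the process of streamlining our AppArmor profile. The restrictions for /proc, /sys
+and /run/user directories were moved out of the profile into firejail executable.
+
+We intend to start apparmor by default for browsers, torrent clients and media players.
+So far we cover Firefox (firefox-common.profile), Chromium (chromium-common.profile),
+transmission-qt, transmission-gtk, vlc and mpv.
+
+"apparmor yes/no" flag in /etc/firejail/firejail.config file allows the user to enable/disable apparmor functionality globally
+By default the flag is enabled.
+
+Checking apparmor status:
+`````
+$ firejail --apparmor.print=browser
+2146:netblue:/usr/bin/firejail /usr/bin/firefox-esr
+AppArmor: firejail-default enforce
+
+$ firemon --apparmor
+2072:netblue:firejail --chroot=/chroot/sid --net=eth0
+AppArmor: unconfined
+2146:netblue:/usr/bin/firejail /usr/bin/firefox-esr
+AppArmor: firejail-default enforce
+4835:netblue:/usr/bin/firejail /usr/bin/vlc
+AppArmor: firejail-default enforce
+`````
+
+
 ## Browser profile unification
 
 All Chromium and Firefox browsers have been unified to instead extend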
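--- a/RELNOTES
+++ b/RELNOTES
@@ -1,13 +1,27 @@
 firejail (0.9.53) baseline; urgency=low
 * work in progress
+* modif: restrictions for /proc, /sys and /run/user directories
+are moved from AppArmor profile into firejail executable
+* modif: unifying Chromium and Firefox browsers profiles.
+All users of Firefox-based browsers who use addons and plugins
+that read/write from ${HOME} will need to uncomment the includes for
+firefox-common-addons.inc in firefox-common.profile.
+* AppArmor support for overlayfs and chroot sandboxes
+* Enable AppArmor by default for Firefox, Chromium, Transmission
+VLC and mpv
+* firejail --apparmor.print option
+* firemon --apparmor option
+* apparmor yes/no flag in /etc/firejail/firejail.config
 * seccomp syscall list update for glibc 2.26-10
+* seccomp disassembler for --seccomp.print option
+* seccomp machine code optimizer for default seccomp filters
 * IPv6 DNS support
 * whitelist support for overlay and chroot sandboxes
 * private-dev support for overlay and chroot sandboxes
 * private-tmp support for overlay and chroot sandboxes
 * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
-* new profiles: discord-canary, pycharm-community, pycharm-professional, kaffeine,
-* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt
+* new profiles: discord-canary, pycharm-community, pycharm-professional,
+* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
 -- netblue30 <netblue30@yahoo.com> Tue, 12 Dec 2017 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low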
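--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -24,6 +24,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
+apparmor
 
 private-bin mpv,youtube-dl,python*,env
 private-dev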
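Review bot: The new `apparmor` line in etc/mpv.profile is appended after `tracelog`, and in etc/vlc.profile after `shell none`, so it sits out of the alphabetical order that the visible neighbours (`protocol`, `seccomp`, `shell none`, `tracelog`) follow; moving it ahead of those options would keep the profiles easy to compare and audit. The line also carries no comment, and judging from the README text in this commit it only confines the sandbox when AppArmor is enabled in /etc/firejail/firejail.config and the `firejail-default` profile is enforced on the host, so a comment such as `# AppArmor confinement; verify with firejail --apparmor.print=<name>` would tell users how to confirm it is active. Both profiles continue outside their hunks, so the exact position for the line cannot be fixed from what is shown here.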
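--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -23,6 +23,7 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
+apparmor
 
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev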
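--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1799,59 +1799,159 @@ Example:
 .br
 $ firejail \-\-name=browser firefox &
 .br
-$ firejail \-\-seccomp.print=browser
+$ firejail --seccomp.print=browser
 .br
-SECCOMP Filter:
+line OP JT JF K
 .br
-VALIDATE_ARCHITECTURE
+=================================
 .br
-EXAMINE_SYSCALL
+0000: 20 00 00 00000004 ld data.architecture
 .br
-BLACKLIST 165 mount
+0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
 .br
-BLACKLIST 166 umount2
+0002: 06 00 00 7fff0000 ret ALLOW
 .br
-BLACKLIST 101 ptrace
+0003: 20 00 00 00000000 ld data.syscall-number
 .br
-BLACKLIST 246 kexec_load
+0004: 35 01 00 40000000 jge X32_ABI true:0006 (false 0005)
 .br
-BLACKLIST 304 open_by_handle_at
+0005: 35 01 00 00000000 jge read 0007 (false 0006)
 .br
-BLACKLIST 175 init_module
+0006: 06 00 00 00050001 ret ERRNO(1)
 .br
-BLACKLIST 176 delete_module
+0007: 15 41 00 0000009a jeq modify_ldt 0049 (false 0008)
 .br
-BLACKLIST 172 iopl
+0008: 15 40 00 000000d4 jeq lookup_dcookie 0049 (false 0009)
 .br
-BLACKLIST 173 ioperm
+0009: 15 3f 00 0000012a jeq perf_event_open 0049 (false 000a)
 .br
-BLACKLIST 167 swapon
+000a: 15 3e 00 00000137 jeq process_vm_writev 0049 (false 000b)
 .br
-BLACKLIST 168 swapoff
+000b: 15 3d 00 0000009c jeq _sysctl 0049 (false 000c)
 .br
-BLACKLIST 103 syslog
+000c: 15 3c 00 000000b7 jeq afs_syscall 0049 (false 000d)
 .br
-BLACKLIST 310 process_vm_readv
+000d: 15 3b 00 000000ae jeq create_module 0049 (false 000e)
 .br
-BLACKLIST 311 process_vm_writev
+000e: 15 3a 00 000000b1 jeq get_kernel_syms 0049 (false 000f)
 .br
-BLACKLIST 133 mknod
+000f: 15 39 00 000000b5 jeq getpmsg 0049 (false 0010)
 .br
-BLACKLIST 139 sysfs
+0010: 15 38 00 000000b6 jeq putpmsg 0049 (false 0011)
 .br
-BLACKLIST 156 _sysctl
+0011: 15 37 00 000000b2 jeq query_module 0049 (false 0012)
 .br
-BLACKLIST 159 adjtimex
+0012: 15 36 00 000000b9 jeq security 0049 (false 0013)
 .br
-BLACKLIST 305 clock_adjtime
+0013: 15 35 00 0000008b jeq sysfs 0049 (false 0014)
 .br
-BLACKLIST 212 lookup_dcookie
+0014: 15 34 00 000000b8 jeq tuxcall 0049 (false 0015)
 .br
-BLACKLIST 298 perf_event_open
+0015: 15 33 00 00000086 jeq uselib 0049 (false 0016)
 .br
-BLACKLIST 300 fanotify_init
+0016: 15 32 00 00000088 jeq ustat 0049 (false 0017)
 .br
-RETURN_ALLOW
+0017: 15 31 00 000000ec jeq vserver 0049 (false 0018)
+.br
+0018: 15 30 00 0000009f jeq adjtimex 0049 (false 0019)
+.br
+0019: 15 2f 00 00000131 jeq clock_adjtime 0049 (false 001a)
+.br
+001a: 15 2e 00 000000e3 jeq clock_settime 0049 (false 001b)
+.br
+001b: 15 2d 00 000000a4 jeq settimeofday 0049 (false 001c)
+.br
+001c: 15 2c 00 000000b0 jeq delete_module 0049 (false 001d)
+.br
+001d: 15 2b 00 00000139 jeq finit_module 0049 (false 001e)
+.br
+001e: 15 2a 00 000000af jeq init_module 0049 (false 001f)
+.br
+001f: 15 29 00 000000ad jeq ioperm 0049 (false 0020)
+.br
+0020: 15 28 00 000000ac jeq iopl 0049 (false 0021)
+.br
+0021: 15 27 00 000000f6 jeq kexec_load 0049 (false 0022)
+.br
+0022: 15 26 00 00000140 jeq kexec_file_load 0049 (false 0023)
+.br
+0023: 15 25 00 000000a9 jeq reboot 0049 (false 0024)
+.br
+0024: 15 24 00 000000a7 jeq swapon 0049 (false 0025)
+.br
+0025: 15 23 00 000000a8 jeq swapoff 0049 (false 0026)
+.br
+0026: 15 22 00 000000a3 jeq acct 0049 (false 0027)
+.br
+0027: 15 21 00 00000141 jeq bpf 0049 (false 0028)
+.br
+0028: 15 20 00 000000a1 jeq chroot 0049 (false 0029)
+.br
+0029: 15 1f 00 000000a5 jeq mount 0049 (false 002a)
+.br
+002a: 15 1e 00 000000b4 jeq nfsservctl 0049 (false 002b)
+.br
+002b: 15 1d 00 0000009b jeq pivot_root 0049 (false 002c)
+.br
+002c: 15 1c 00 000000ab jeq setdomainname 0049 (false 002d)
+.br
+002d: 15 1b 00 000000aa jeq sethostname 0049 (false 002e)
+.br
+002e: 15 1a 00 000000a6 jeq umount2 0049 (false 002f)
+.br
+002f: 15 19 00 00000099 jeq vhangup 0049 (false 0030)
+.br
+0030: 15 18 00 000000ee jeq set_mempolicy 0049 (false 0031)
+.br
+0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032)
+.br
+0032: 15 16 00 00000117 jeq move_pages 0049 (false 0033)
+.br
+0033: 15 15 00 000000ed jeq mbind 0049 (false 0034)
+.br
+0034: 15 14 00 00000130 jeq open_by_handle_at 0049 (false 0035)
+.br
+0035: 15 13 00 0000012f jeq name_to_handle_at 0049 (false 0036)
+.br
+0036: 15 12 00 000000fb jeq ioprio_set 0049 (false 0037)
+.br
+0037: 15 11 00 00000067 jeq syslog 0049 (false 0038)
+.br
+0038: 15 10 00 0000012c jeq fanotify_init 0049 (false 0039)
+.br
+0039: 15 0f 00 00000138 jeq kcmp 0049 (false 003a)
+.br
+003a: 15 0e 00 000000f8 jeq add_key 0049 (false 003b)
+.br
+003b: 15 0d 00 000000f9 jeq request_key 0049 (false 003c)
+.br
+003c: 15 0c 00 000000fa jeq keyctl 0049 (false 003d)
+.br
+003d: 15 0b 00 000000ce jeq io_setup 0049 (false 003e)
+.br
+003e: 15 0a 00 000000cf jeq io_destroy 0049 (false 003f)
+.br
+003f: 15 09 00 000000d0 jeq io_getevents 0049 (false 0040)
+.br
+0040: 15 08 00 000000d1 jeq io_submit 0049 (false 0041)
+.br
+0041: 15 07 00 000000d2 jeq io_cancel 0049 (false 0042)
+.br
+0042: 15 06 00 000000d8 jeq remap_file_pages 0049 (false 0043)
+.br
+0043: 15 05 00 00000116 jeq vmsplice 0049 (false 0044)
+.br
+0044: 15 04 00 00000087 jeq personality 0049 (false 0045)
+.br
+0045: 15 03 00 00000143 jeq userfaultfd 0049 (false 0046)
+.br
+0046: 15 02 00 00000065 jeq ptrace 0049 (false 0047)
+.br
+0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048)
+.br
+0048: 06 00 00 7fff0000 ret ALLOW
+.br
+0049: 06 00 01 00000000 ret KILL
 .br
 $
 .TP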