Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | mdwx: block memfd_create | 2019-03-05 | |
| | | | | | Some profiles may need adjusting if app uses memfd_create(2) and memory-deny-write-execute was enabled. | ||
* | move copyright statement to 2019 | 2019-02-07 | |
| | |||
* | fix small memleak | 2019-02-05 | |
| | |||
* | removed mincore syscall from default seccomp filter | 2019-01-23 | |
| | |||
* | adding mincore syscall to the default seccomp filter and some independent ↵ | 2019-01-14 | |
| | | | | profiles | ||
* | remove seccomp warning | 2018-09-09 | |
| | |||
* | Add personality to allow-debuggers (see #2021) | 2018-07-09 | |
| | |||
* | reverted commit 5a3eefa6e70e824f545add9169202f788a9ce14d, issue #1948 | 2018-05-20 | |
| | |||
* | tentative fix for issue #1948 | 2018-05-19 | |
| | |||
* | remove 64bit seccomp filter from 32bit architectures | 2018-05-06 | |
| | |||
* | consolidate makefiles | 2018-03-31 | |
| | |||
* | support Spectre mitigation patch for gcc compiler | 2018-03-23 | |
| | |||
* | move copyright statement to 2018 | 2018-01-14 | |
| | |||
* | replacing seccomp printing with a seccomp disassembler | 2017-12-28 | |
| | |||
* | strip trailing whitespace | 2017-11-19 | |
| | |||
* | seccomp mdwx: block pkey_mprotect like mprotect | 2017-11-11 | |
| | |||
* | Improve seccomp architecture support | 2017-09-10 | |
| | |||
* | "module" is already included in "privileged" | 2017-09-04 | |
| | |||
* | Improve seccomp support for non-x86 architectures | 2017-09-02 | |
| | |||
* | Workaround for build problems, but correct problem this time | 2017-09-02 | |
| | |||
* | Workaround for build problems on arm64, s390x and sparc64 | 2017-09-01 | |
| | |||
* | Improve cross-platform build | 2017-08-30 | |
| | |||
* | fix seccomp secondary filter printing on i386 platform | 2017-08-30 | |
| | |||
* | tentative fix for Debian cross-platform build | 2017-08-30 | |
| | |||
* | cleanup | 2017-08-27 | |
| | |||
* | fix seccomp.keep for #1490 | 2017-08-23 | |
| | |||
* | cleanup | 2017-08-23 | |
| | |||
* | seccomp: fix errno | 2017-08-22 | |
| | |||
* | Feature: switch/config option to block secondary architectures | 2017-08-19 | |
| | | | | | | | | | Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479 | ||
* | Postpone installation of seccomp filters just before execve | 2017-08-19 | |
| | |||
* | seccomp testing | 2017-08-18 | |
| | |||
* | memory-deny-write-execute testing | 2017-08-18 | |
| | |||
* | compile cleanup | 2017-08-15 | |
| | |||
* | Fix copy-paste | 2017-08-13 | |
| | |||
* | Allow any syscall to be blacklisted (#1447) | 2017-08-13 | |
| | | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | ||
* | Seccomp: split @default into more meaningful smaller groups | 2017-08-06 | |
| | |||
* | Seccomp: system call grouping and call numbers | 2017-08-06 | |
| | |||
* | get_mempolicy syscall was temporarily removed from the default seccomp list. ↵ | 2017-08-02 | |
| | | | | | | It seems to break playing youtube videos on Firefox Nightly - #1414 | ||
* | Memory-deny-write-execute feature | 2017-07-30 | |
| | | | | Feature to block attempts to create writable and executable memory. | ||
* | Improve seccomp printing | 2017-07-28 | |
| | |||
* | Improve cross build support by using configured compiler instead of make default | 2017-07-26 | |
| | | | | https://bugs.debian.org/869707 | ||
* | Block some obsolete or unusual syscalls | 2017-07-25 | |
| | |||
* | Remove trailing whitespace from src/ | 2017-05-24 | |
| | |||
* | compile fixes on 32bit platforms | 2017-05-12 | |
| | |||
* | --quiet fixes | 2017-04-10 | |
| | |||
* | add new syscalls in default seccomp filter | 2017-03-31 | |
| | |||
* | copyright 2017 | 2017-02-11 | |
| | |||
* | copyright 2017 | 2017-02-11 | |
| | |||
* | cleanup | 2016-11-27 | |
| | |||
* | fixes | 2016-11-27 | |
| |