| Commit message | Author | Age |
|---|---|---|
| cleanup after scan-build | netblue30 | 2019-10-31 |
| Revert changes in #2928 to seccomp group @default<br>Reconstruct @default by not relying on the changed system call groups @privileged and @resources. | Topi Miettinen | 2019-09-04 |
| Merge pull request #2928 from topimiettinen/seccomp-more-groups<br>Add further seccomp groups | netblue30 | 2019-08-29 |
| Add further seccomp groups<br>Get further seccomp group definitions from systemd. | Topi Miettinen | 2019-08-28 |
| Allow exceptions to seccomp lists<br>Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366 | Topi Miettinen | 2019-08-25 |
| mdwx: block memfd_create<br>Some profiles may need adjusting if app uses memfd_create(2) and memory-deny-write-execute was enabled. | Topi Miettinen | 2019-03-05 |
| move copyright statement to 2019 | smitsohu | 2019-02-07 |
| fix small memleak | Reiner Herrmann | 2019-02-05 |
| removed mincore syscall from default seccomp filter | netblue30 | 2019-01-23 |
| adding mincore syscall to the default seccomp filter and some independent profiles | netblue30 | 2019-01-14 |
| remove seccomp warning | netblue30 | 2018-09-09 |
| Add personality to allow-debuggers (see #2021) | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-07-09 |
| reverted commit 5a3eefa6e70e824f545add9169202f788a9ce14d, issue #1948 | netblue30 | 2018-05-20 |
| tentative fix for issue #1948 | netblue30 | 2018-05-19 |
| remove 64bit seccomp filter from 32bit architectures | netblue30 | 2018-05-06 |
| consolidate makefiles | netblue30 | 2018-03-31 |
| support Spectre mitigation patch for gcc compiler | netblue30 | 2018-03-23 |
| move copyright statement to 2018 | startx2017 | 2018-01-14 |
| replacing seccomp printing with a seccomp disassembler | netblue30 | 2017-12-28 |
| strip trailing whitespace | Fred-Barclay | 2017-11-19 |
| seccomp mdwx: block pkey_mprotect like mprotect | Topi Miettinen | 2017-11-11 |
| Improve seccomp architecture support | Topi Miettinen | 2017-09-10 |
| "module" is already included in "privileged" | smitsohu | 2017-09-04 |
| Improve seccomp support for non-x86 architectures | Topi Miettinen | 2017-09-02 |
| Workaround for build problems, but correct problem this time | Topi Miettinen | 2017-09-02 |
| Workaround for build problems on arm64, s390x and sparc64 | Topi Miettinen | 2017-09-01 |
| Improve cross-platform build | Topi Miettinen | 2017-08-30 |
| fix seccomp secondary filter printing on i386 platform | netblue30 | 2017-08-30 |
| tentative fix for Debian cross-platform build | netblue30 | 2017-08-30 |
| cleanup | netblue30 | 2017-08-27 |
| fix seccomp.keep for #1490 | netblue30 | 2017-08-23 |
| cleanup | netblue30 | 2017-08-23 |
| seccomp: fix errno | netblue30 | 2017-08-22 |
| Feature: switch/config option to block secondary architectures<br>Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479 | Topi Miettinen | 2017-08-19 |
| Postpone installation of seccomp filters just before execve | Topi Miettinen | 2017-08-19 |
| seccomp testing | netblue30 | 2017-08-18 |
| memory-deny-write-execute testing | netblue30 | 2017-08-18 |
| compile cleanup | startx2017 | 2017-08-15 |
| Fix copy-paste | Topi Miettinen | 2017-08-13 |
| Allow any syscall to be blacklisted (#1447)<br>Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | Topi Miettinen | 2017-08-13 |
| Seccomp: split @default into more meaningful smaller groups | Topi Miettinen | 2017-08-06 |
| Seccomp: system call grouping and call numbers | Topi Miettinen | 2017-08-06 |
| get_mempolicy syscall was temporarily removed from the default seccomp list. It seems to break playing youtube videos on Firefox Nightly - #1414 | netblue30 | 2017-08-02 |
| Memory-deny-write-execute feature<br>Feature to block attempts to create writable and executable memory. | Topi Miettinen | 2017-07-30 |
| Improve seccomp printing | Topi Miettinen | 2017-07-28 |
| Improve cross build support by using configured compiler instead of make default<br>https://bugs.debian.org/869707 | Helmut Grohne | 2017-07-26 |
| Block some obsolete or unusual syscalls | Topi Miettinen | 2017-07-25 |
| Remove trailing whitespace from src/ | Fred Barclay | 2017-05-24 |
| compile fixes on 32bit platforms | netblue30 | 2017-05-12 |
| --quiet fixes | startx2017 | 2017-04-10 |