diff options
| author | Thomas Habets <thomas@habets.se> | 2021-12-09 18:35:34 +0000 |
|---|---|---|
| committer | Thomas Habets <thomas@habets.se> | 2021-12-09 18:35:34 +0000 |
| commit | d847c55389c2de764d002770d3d87e6120000a8c (patch) | |
| tree | a233600ae5841aabe069455552caedb5ff7e11fe /doc/arping.yodl | |
| parent | fe93525db89db289178f2dbbfad92d7a88c8226a (diff) | |
| download | arping-d847c55389c2de764d002770d3d87e6120000a8c.tar.gz | |
Add seccomp to drop syscall access before receiving any packets
seccomp is not as good as pledge(), in that different systems, and
even different versions of any of the transitively dependent
libraries, will need different syscalls.
This feature is therefore off by default, and should be considered
experimental.
Maybe the right long term solution is to blacklist, not
whitelist. Which is also not great, as new syscalls get created.
Diffstat (limited to 'doc/arping.yodl')
| -rw-r--r-- | doc/arping.yodl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/arping.yodl b/doc/arping.yodl index c907fdb..2bc3256 100644 --- a/doc/arping.yodl +++ b/doc/arping.yodl @@ -36,7 +36,6 @@ manpagedescription() manpageoptions() -startdit() dit(--help) Show extended help. Not quite as extensive as this manpage, but more than -h. dit(-0) Use this option to ping with source IP address 0.0.0.0. Use this @@ -104,7 +103,8 @@ mancommand(.sp) dit(-V em(vlan)) VLAN tag to set. Defaults to no VLAN tag. dit(-w em(sec)) Specify a timeout before ping exits regardless of how many packets have been sent or received. dit(-W em(sec)) Time to wait between pings. -enddit() + dit(-z) Enable seccomp (default seccomp state depends on compile options) + dit(-Z) Disable seccomp (default seccomp state depends on compile options) manpagesection(EXAMPLES) |