summaryrefslogtreecommitdiff
path: root/sandbox-seccomp-filter.c
Commit message (Expand)AuthorAgeFilesLines
* Improve seccomp compat on older systems.Darren Tucker2023-02-111-2/+16
* harden Linux seccomp sandboxDamien Miller2023-02-061-5/+74
* Allow writev is seccomp sandbox.Darren Tucker2023-01-141-0/+3
* disable SANDBOX_SECCOMP_FILTER_DEBUGDamien Miller2022-12-071-1/+1
* fix SANDBOX_SECCOMP_FILTER_DEBUGDamien Miller2022-08-111-6/+9
* Allow ppoll_time64 in seccomp sandbox.Darren Tucker2022-02-261-0/+3
* sandbox-seccomp-filter: allow gettidAlex James2022-01-311-0/+3
* adjust seccomp filter for select->poll conversionDamien Miller2021-11-181-2/+9
* polish whitespace for portable filesDamien Miller2021-04-031-3/+3
* Allow (but return EACCES) fstatat64 in sandbox.Darren Tucker2021-03-121-0/+3
* Add __NR_futex_time64 to seccomp sandbox.Darren Tucker2021-02-111-0/+3
* Deny (non-fatal) statx in preauth privsep child.Luca Weiss2021-02-051-0/+3
* Add new pselect6_time64 syscall on ARM.Darren Tucker2020-11-201-0/+3
* Add sys/syscall.h for syscall numbers.Darren Tucker2020-04-151-0/+1
* add clock_gettime64(2) to sandbox allowed syscallsDamien Miller2020-02-031-0/+3
* Deny (non-fatal) ipc in preauth privsep child.Jeremy Drake2020-01-081-0/+3
* seccomp: Allow clock_gettime64() in sandbox.Khem Raj2020-01-081-0/+3
* Allow clock_nanosleep_time64 in seccomp sandbox.Darren Tucker2019-12-161-0/+3
* Remove duplicate __NR_clock_nanosleepDarren Tucker2019-11-131-3/+0
* seccomp: Allow clock_nanosleep() in sandbox.Darren Tucker2019-11-131-0/+6
* Enable specific ioctl call for EP11 crypto card (s390)Eduardo Barretto2019-10-051-0/+2
* Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.Lonnie Abelbeck2019-10-021-0/+9
* use SC_ALLOW_ARG_MASK to limit mmap protectionsDamien Miller2019-08-231-2/+2
* allow mprotect(2) with PROT_(READ|WRITE|NONE) onlyDamien Miller2019-08-231-2/+24
* allow s390 specific ioctl for ecc hardware supportHarald Freudenberger2019-06-051-0/+1
* add futex(2) syscall to seccomp sandboxDamien Miller2018-09-151-0/+3
* Permit getuid()/geteuid() syscalls.Damien Miller2018-05-251-0/+12
* Allow nanosleep in preauth privsep child.Darren Tucker2018-04-131-0/+3
* Fix typo in "socketcall".Darren Tucker2017-04-251-1/+1
* Deny socketcall in seccomp filter on ppc64le.Darren Tucker2017-04-241-0/+1
* Missing header on Linux/s390Damien Miller2017-03-221-0/+3
* Fix syntax error on Linux/X32Damien Miller2017-03-211-1/+1
* Make seccomp-bpf sandbox work on Linux/X32Damien Miller2017-03-141-1/+9
* Remove macro trickery; no binary changeDamien Miller2017-03-141-40/+40
* support ioctls for ICA crypto card on Linux/s390Damien Miller2017-03-141-0/+6
* Fix weakness in seccomp-bpf sandbox arg inspectionDamien Miller2017-03-141-4/+20
* Deny lstat syscalls in seccomp sandboxDamien Miller2016-05-201-0/+6
* allow getrandom syscall; from Felix von LeitnerDamien Miller2015-09-101-0/+3
* upstream commitdjm@openbsd.org2015-06-301-0/+3
* add missing pselect6Damien Miller2015-06-251-0/+3
* trivial optimisation for seccomp-bpfDamien Miller2015-06-171-1/+1
* aarch64 support for seccomp-bpf sandboxDamien Miller2015-06-171-20/+85
* - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;Damien Miller2014-09-101-0/+4
* - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX toDamien Miller2014-03-171-0/+3
* - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures defineDamien Miller2014-02-061-0/+2
* - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)Damien Miller2014-01-311-0/+1
* - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]Damien Miller2014-01-171-1/+1
* - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.Darren Tucker2013-06-021-0/+1
* - (djm) [configure.ac sandbox-seccomp-filter.c] Support for LinuxDamien Miller2013-02-221-0/+8
* - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter isDamien Miller2012-07-061-3/+9
View Lorry Controller Status