Verified Commit 47c67b53 authored by valoq's avatar valoq
Browse files

update documentation

parent 076cec96
...@@ -967,6 +967,9 @@ zathura ...@@ -967,6 +967,9 @@ zathura
* printing * printing
* bookmarks and history * bookmarks and history
The strict sandbox mode is still experimental with some libc implementations.
Currently supported and tested libc implementations: glibc
No feature regressions are expected when using normal sandbox mode. No feature regressions are expected when using normal sandbox mode.
When running under WSL, the default is "none" since seccomp is not supported in When running under WSL, the default is "none" since seccomp is not supported in
......
...@@ -106,13 +106,16 @@ seccomp_enable_basic_filter(void) ...@@ -106,13 +106,16 @@ seccomp_enable_basic_filter(void)
DENY_RULE(uselib); DENY_RULE(uselib);
DENY_RULE(vmsplice); DENY_RULE(vmsplice);
/*TODO /*
* *
* In case this basic filter is actually triggered, print a clear error message to report this * In case this basic filter is actually triggered, print a clear error message to report this
* The syscalls here should never be executed by an unprivileged process * The syscalls here should never be executed by an unprivileged process
* *
* */ * */
girara_debug("Using a basic seccomp filter to blacklist privileged system calls! \
Errors reporting 'bad system call' may be an indicator of compromise");
/* applying filter... */ /* applying filter... */
if (seccomp_load(ctx) >= 0) { if (seccomp_load(ctx) >= 0) {
/* free ctx after the filter has been loaded into the kernel */ /* free ctx after the filter has been loaded into the kernel */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment