Verified Commit 47c67b53 authored by valoq's avatar valoq
Browse files

update documentation

parent 076cec96
Pipeline #467 failed with stages
......@@ -967,6 +967,9 @@ zathura
* printing
* bookmarks and history
The strict sandbox mode is still experimental with some libc implementations.
Currently supported and tested libc implementations: glibc
No feature regressions are expected when using normal sandbox mode.
When running under WSL, the default is "none" since seccomp is not supported in
......
......@@ -106,13 +106,16 @@ seccomp_enable_basic_filter(void)
DENY_RULE(uselib);
DENY_RULE(vmsplice);
/*TODO
/*
*
* In case this basic filter is actually triggered, print a clear error message to report this
* The syscalls here should never be executed by an unprivileged process
*
* */
girara_debug("Using a basic seccomp filter to blacklist privileged system calls! \
Errors reporting 'bad system call' may be an indicator of compromise");
/* applying filter... */
if (seccomp_load(ctx) >= 0) {
/* free ctx after the filter has been loaded into the kernel */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment