bouncer.so is a preloadable shared object that attempts to filter all
syscalls using SECCOMP, with fallback redirection of unemulated syscalls
to __kernel_syscall() in the vDSO.

Currently, only AArch64 is supported.

Some out-of-tree SECCOMP extensions are required for Linux. [1]

    linux$ make headers_install
    bouncer$ make CPPFLAGS=-I<...>/linux/usr/include \
            CROSS_COMPILE=aarch64-linux-gnu-

    bouncer$ LD_PRELOAD=./bouncer.so <command>
    Segmentation fault

(OK, the segfault isn't really supposed to happen, but don't be
surprised if it does...)

[1] SECCOMP extensions
    git://linux-arm.org/linux-dm.git seccomp/vdso/plumbers/head
    http://linux-arm.org/git?p=linux-dm.git;a=shortlog;h=refs/heads/seccomp/vdso/plumbers/head

Dave Martin
authored
Add a link to a tree with the kernel SECCOMP patches required by
the bouncer.
Signed-off-by:
Dave Martin <Dave.Martin@arm.com>