mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-23 23:42:32 +00:00
78497c03ca
base-linux uses seccomp to reduce the available system calls to the minimum set needed to run base-linux. There are still some syscalls that allow accessing global state which should be further reduced. The combination of seccomp and socket descriptor caps should provide an intermediate level of security for base-linux thereby enabling base-linux as a migration path from using the Linux kernel to the use of microkernel-based Genode. Fixes #3581
24 lines
525 B
C++
24 lines
525 B
C++
/*
|
|
* \brief Generate seccomp filter policy for base-linux on x86_64
|
|
* \author Stefan Thoeni
|
|
* \date 2019-12-13
|
|
*/
|
|
|
|
/*
|
|
* Copyright (C) 2019 Genode Labs GmbH
|
|
* Copyright (C) 2019 gapfruit AG
|
|
*
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
* under the terms of the GNU Affero General Public License version 3.
|
|
*/
|
|
|
|
#include <stdio.h> /* printf */
|
|
#include <seccomp.h> /* libseccomp */
|
|
#include "seccomp_bpf_compiler.h"
|
|
|
|
int main()
|
|
{
|
|
Filter filter(SCMP_ARCH_X86);
|
|
return filter.create();
|
|
}
|