I'm fighting with writing rules to block all but a few socket protocol families.
Things that don't work:

 - Adding rules to allow those families, then a rule to block socket in general. My default action is SCMP_ACT_ALLOW, so I can't add allow rules. (Why not?)

 - Adding a rule like ..., SCMP_A0(SCMP_CMP_NE, pf1), SCMP_A0(SCMP_CMP_NE, pf2). Sorry, rules can't have multiple conditions on the same argument slot. (Why not?)

 - Oddly, adding separate rules, each with SCMP_CMP_NE on the first slot, is allowed. The behavior seems really strange, though.

Is there some guidance on how this is supposed to work?

Thanks,
Andy

--
Andy Lutomirski
AMA Capital Management, LLC

_______________________________________________
libseccomp-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
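As an added example (not from Andy's post and not libseccomp project code): the policy asked for above, default allow but socket(2) permitted only for a few families, written directly as a classic-BPF seccomp program, where "domain not in the allowed set" is a chain of equality jumps that falls through to EPERM. It assumes x86_64, a little-endian host, and a hypothetical allow-list of AF_UNIX, AF_INET and AF_INET6; the run_filter/decide helpers only evaluate the program in user space so the policy can be checked before it is loaded.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifndef __x86_64__
#error "set ARCH_NR to this architecture's AUDIT_ARCH_* value and check __NR_socket"
#endif
#define ARCH_NR AUDIT_ARCH_X86_64
static const __u32 allowed_pf[] = { AF_UNIX, AF_INET, AF_INET6 }; /* hypothetical allow-list; any other family gets EPERM */
#define N_ALLOWED (sizeof allowed_pf / sizeof allowed_pf[0])
#define ST(c, k) ((struct sock_filter)BPF_STMT(c, k))
#define JMP(c, k, jt, jf) ((struct sock_filter)BPF_JUMP(c, k, jt, jf))
/* Default ALLOW. socket(2) is compared against each allowed family; no match falls through to EPERM. */
static size_t build_filter(struct sock_filter *f)          /* f holds N_ALLOWED + 8 entries */
{
    size_t i, n = 0;
    f[n++] = ST(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[n++] = JMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);               /* other ABI: kill */
    f[n++] = ST(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    f[n++] = ST(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    f[n++] = JMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, N_ALLOWED + 2); /* not socket: allow */
    f[n++] = ST(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])); /* low word of domain (little-endian) */
    for (i = 0; i < N_ALLOWED; i++)                                    /* a match jumps to the final ALLOW */
        f[n++] = JMP(BPF_JMP | BPF_JEQ | BPF_K, allowed_pf[i], N_ALLOWED - i, 0);
    f[n++] = ST(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    f[n++] = ST(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return n;
}
/* Interpreter for the three opcodes used above, so the policy can be checked without loading it. */
static __u32 run_filter(const struct sock_filter *f, size_t len, const struct seccomp_data *d)
{
    __u32 acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (const char *)d + f[pc].k, 4);
        else if (f[pc].code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += acc == f[pc].k ? f[pc].jt : f[pc].jf;
        else return f[pc].code == (BPF_RET | BPF_K) ? f[pc].k : SECCOMP_RET_KILL;
    }
    return SECCOMP_RET_KILL;
}
/* Decision for one invocation, with nr, arch and arg0 as the kernel presents them in seccomp_data. */
static __u32 decide(int nr, __u32 arch, __u64 arg0)
{
    struct sock_filter f[N_ALLOWED + 8];
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { arg0 } };
    return run_filter(f, build_filter(f), &d);
}
```

To install the program, wrap the array in a struct sock_fprog and call prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) after prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); the arch check at the top is what keeps a different ABI from reaching socket(2) under a different syscall number.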
