Skip to content

Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.

License

Notifications You must be signed in to change notification settings

avilum/syscalls

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 

Repository files navigation

This script was adopted by firejail to their repository

Moved to netblue30/firejail contrib scripts: https://github.com/netblue30/firejail/blob/master/contrib/syscalls.sh

syscalls

Discover executable's syscalls.
A simple script that discovers the necessary behaviour of programs, using strace and grep.
I Created this in order to create profiles for seccomp-bpf jails, like nsjail, gVisor and firejail.

Usage:

ubuntu@pc:~$ ./syscalls whoami
ubuntu
The following syscalls were called:
access
arch_prctl
brk
close
connect
execve
exit_group
fstat
geteuid
lseek
mmap
mprotect
munmap
open
read
socket
write
The syscalls were saved to /home/ubuntu/syscalls.txt
ubuntu@pc:~$ ./syscalls python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
^C
The following syscalls were called:
access
arch_prctl
brk
close
connect
execve
exit_group
fstat
geteuid
lseek
mmap
mprotect
munmap
open
read
socket
write
The syscalls were saved to /home/ubuntu/syscalls.txt

Releases

No releases published

Packages

No packages published

Languages