mruby-seccomp

A mruby gem to access libseccomp API

install by mrbgems

add conf.gem line to build_config.rb

MRuby::Build.new do |conf|

  # ... (snip) ...

  conf.gem :github => 'haconiwa/mruby-seccomp'
end

example

context = Seccomp.new(default: :kill) do |rule|
  rule.allow(:open)
  rule.allow(:close)
  rule.allow(:read, Seccomp::ARG(:==, $stdin.fileno), Seccomp::ARG(:!=, 0x0), Seccomp::ARG(:<=, File::SSIZE_MAX))
  # rule.kill(:open)
  # rule.trap(:open) ...
end
context.allow(...) # if necessary out of block

context.load # to load context to current process


Process.fork do
  # This process is also jailed
  ...
end

context.fork do
  # This spawns a new process which is jailed
  # but the parent process will be remain unloaded
end

context.reset(:allow) # to reset

License

mruby-seccomp itself is under the MIT License:

see LICENSE file

TODO

Trapping SIGSYS and get si_syscall in the block

Name		Name	Last commit message	Last commit date
Latest commit History 95 Commits
.github/workflows		.github/workflows
examples		examples
misc		misc
mrblib		mrblib
src		src
test		test
.clang-format		.clang-format
.envrc_sample		.envrc_sample
.gitignore		.gitignore
LICENSE		LICENSE
LICENSE_libseccomp		LICENSE_libseccomp
README.md		README.md
Rakefile		Rakefile
ci_build_config.rb		ci_build_config.rb
ci_build_config.rb.lock		ci_build_config.rb.lock
mrbgem.rake		mrbgem.rake
mruby-seccomp.gem		mruby-seccomp.gem

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Licenses found

Repository files navigation

mruby-seccomp

install by mrbgems

example

License

TODO

About

Licenses found

Releases

Packages

Contributors 2

Languages

License

Licenses found

haconiwa/mruby-seccomp

Folders and files

Latest commit

History

Repository files navigation

mruby-seccomp

install by mrbgems

example

License

TODO

About

Topics

Resources

License

Licenses found

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages