Finish sandboxing #2

Open
3 of 7 tasks
kpcyrd opened this issue Jan 15, 2018 · 0 comments

Owner

kpcyrd commented Jan 15, 2018

  • tighten down seccomp, especially for tr1pd
  • introduce chroot with capabilities to chroot into /var/lib/tr1pd after the socket has been set up (strict_chroot=true #4)
  • drop all remaining capabilities after setup is done
  • provide a drop-in boxxy version to test the systemd config
  • clean up seccomp code and fix x/y numbering in log lines
  • consider removing tr1pctl from
  • pledge(2) for OpenBSD