Hi, I would like to contribute to dovecot by adding seccomp system call filtering. Is this something you would like to merge into the dovecot codebase? If so, I can put up a PR on github once I complete it. Thanks, Archana
On 06.10.2017 00:21, Phoenix Krypt wrote:> Hi, > > I would like to contribute to dovecot by adding seccomp system call > filtering. > > Is this something you would like to merge into the dovecot codebase? If so, > I can put up a PR on github once I complete it. > > Thanks, > ArchanaWhat would this achieve? Aki
On 06.10.2017 12:15, Aki Tuomi wrote:> > On 06.10.2017 00:21, Phoenix Krypt wrote: >> Hi, >> >> I would like to contribute to dovecot by adding seccomp system call >> filtering. >> >> Is this something you would like to merge into the dovecot codebase? If so, >> I can put up a PR on github once I complete it. >> >> Thanks, >> Archana > What would this achieve? > > AkiAlso if you do implement this, it should go under service declaration and used whenever a process is spawned. service whatever { ?? seccomp_filter = list of caps } Aki
Reasonably Related Threads
- seccomp filter for dovecot
- [PATCH] Allow MAP_NORESERVE in sandbox seccomp filter maps
- [openssh with openssl cryptodev engine] sshd killed by seccomp filter
- [Bug 2419] New: SECCOMP filter does not accept getpgid syscall
- Possibly Missing Syscalls from Seccomp Filter