mirror of
https://github.com/jorisvink/kore
synced 2025-03-09 04:29:02 -04:00
A new hook in the koreapp class is called right before seccomp is enabled. This hook receives a Kore seccomp object which has the following methods: seccomp.allow("syscall") seccomp.allow_arg("syscall", arg, value) seccomp.allow_flag("syscall", arg, flag) seccomp.allow_mask("syscall", arg, mask) seccomp.deny("syscall") seccomp.deny_arg("syscall", arg, value, errno=EACCES) seccomp.deny_flag("syscall", arg, flag, errno=EACCES) seccomp.deny_mask("syscall", arg, mask, errno=EACCES) This allows you to finetune the seccomp filters for your application from inside your koreapp.