The power of SECCOMP_RET_USER_NOTIF and SECCOMP_IOCTL_NOTIF_ADDFD (Part 2)
#5124
rusty-snake
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Part1: #5123
We could also investigate how
SECCOMP_RET_USER_NOTIF+SECCOMP_IOCTL_NOTIF_ADDFD+pidfd_getfdcan be used to restrictconnectto an limited set of IP-Addresses.Yes I know that systemd's
IPAddressDeny=IPAddressAllow=uses eBPF hooks for that.Beta Was this translation helpful? Give feedback.
All reactions