Diffstat (limited to 'seccomp')
-rwxr-xr-xseccomp/bwrap_generator.sh5
-rw-r--r--seccomp/seccomp_filter.c2
2 files changed, 5 insertions, 2 deletions
diff --git a/seccomp/bwrap_generator.sh b/seccomp/bwrap_generator.sh
index 53b3d0c..02b6ade 100755
--- a/seccomp/bwrap_generator.sh
+++ b/seccomp/bwrap_generator.sh
@@ -21,5 +21,6 @@ echo "--chdir ${SANDBOX_DIR_NAME} \\"
echo "--bind $1 ${SANDBOX_DIR_NAME} \\"
echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\"
echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\"
-echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16 \\"
-echo "--seccomp 10 10<${TEMP_LOG} \\"
+echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \\"
+echo "--seccomp 9 9<${TEMP_LOG} \\"
+echo "$1"
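Review bot: The new final line `echo "$1"` copies the caller's argument unescaped into a command line that a shell will parse later, so a path containing spaces, `;` or `$(...)` changes the generated bwrap invocation instead of naming one program. The unquoted `${TEMP_LOG}` in `--seccomp 9 9<${TEMP_LOG}` has the same problem for the redirect target. If the script runs under bash (the shebang is outside the hunk), emitting both through `printf '%q'`, for example `printf '%q\n' "$1"`, keeps each value a single word. Separately, `$1` is also the `--bind` source two lines up, so the command handed to bwrap is the host-side path; inside the sandbox that content presumably lives under `${SANDBOX_DIR_NAME}`, which is worth confirming. A short comment above the line stating which of the two is intended would also help.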
diff --git a/seccomp/seccomp_filter.c b/seccomp/seccomp_filter.c
index 89ea917..1d3f2fa 100644
--- a/seccomp/seccomp_filter.c
+++ b/seccomp/seccomp_filter.c
@@ -8,6 +8,8 @@
#include <string.h>
#include <unistd.h>
+// https://blog.mnus.de/2020/05/sandboxing-soldatserver-with-bubblewrap-and-seccomp/
+
void log_all_syscalls(void) {
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_LOG);
seccomp_arch_add(ctx, SCMP_ARCH_X86_64);