cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

restrict link() and symlink()

Browse Source
This commit is contained in:
sturm 2004-11-21 11:38:04 +00:00
parent 45ac58f0f3
commit 95b2d10495
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
infrastructure/db/systrace.filter
View File

@ -73,7 +73,9 @@
native-issetugid: permit
native-kill: permit
native-lchown: permit
native-link: permit
native-link: filename match "/tmp" and filename[1] match "/tmp" then permit
native-link: filename match "${WRKDIR}" and filename[1] match "${WRKDIR}" then permit
native-link: filename[1] match "/<non-existent filename>: *" then deny[enoent]
native-listen: true then permit log
native-lseek: permit
native-madvise: permit
@ -127,7 +129,10 @@
native-socket: permit
native-socketpair: permit
native-statfs: permit
native-symlink: permit
native-symlink: filename match "/tmp" then permit
native-symlink: filename match "${WRKDIR}" then permit
native-symlink: filename match "/<non-existent filename>: *" then deny[enoent]
native-symlink: string eq "" and filename eq "" then deny[enoent]
native-sync: permit
native-umask: permit
native-utimes: permit