The power of SECCOMP_RET_USER_NOTIF and SECCOMP_IOCTL_NOTIF_ADDFD (Part 2)
#5124
rusty-snake started this conversation in Ideas
Part 1: #5123

We could also investigate how SECCOMP_RET_USER_NOTIF + SECCOMP_IOCTL_NOTIF_ADDFD + pidfd_getfd can be used to restrict connect to a limited set of IP addresses.

Yes, I know that systemd's IPAddressDeny=/IPAddressAllow= uses eBPF hooks for that.
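An added example, not code from the post or the project: the allowlist decision a user-notification supervisor would make on its own copy of the sockaddr passed to connect(), returning the value it would place in seccomp_notif_resp.error. The check must run on the supervisor's copy, and the connect() must be issued with that same copy on a socket duplicated via pidfd_getfd, because the target can rewrite its memory after the check. The names ip_rule, map_v4, prefix_match and connect_verdict are hypothetical, as are the -EPERM and -EAFNOSUPPORT policy choices; IPv4 rules are assumed to be written v4-mapped with the prefix length increased by 96.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Allowlist entry (hypothetical type); 192.0.2.0/24 is ::ffff:192.0.2.0/120. */
struct ip_rule { struct in6_addr net; unsigned bits; };

/* Write a.b.c.d as ::ffff:a.b.c.d so IPv4 and v4-mapped IPv6 share one path. */
void map_v4(struct in6_addr *out, const struct in_addr *v4)
{
    memset(out, 0, sizeof *out);
    out->s6_addr[10] = out->s6_addr[11] = 0xff;
    memcpy(&out->s6_addr[12], v4, 4);
}

int prefix_match(const struct in6_addr *a, const struct ip_rule *r)
{
    unsigned full = r->bits / 8, rem = r->bits % 8;
    unsigned char mask = (unsigned char)(0xff << (8 - rem));
    if (memcmp(a->s6_addr, r->net.s6_addr, full) != 0) return 0;
    return rem == 0 || ((a->s6_addr[full] ^ r->net.s6_addr[full]) & mask) == 0;
}

/* buf/len: the supervisor's private copy of connect() args[1] and args[2].
 * Returns 0 to permit, else a negative errno for seccomp_notif_resp.error. */
int connect_verdict(const void *buf, size_t len, const struct ip_rule *rules, size_t n)
{
    struct in6_addr dst;
    struct sockaddr_in sin;
    struct sockaddr_in6 sin6;
    sa_family_t fam;
    if (len < sizeof fam) return -EINVAL;      /* truncated sockaddr */
    memcpy(&fam, buf, sizeof fam);
    if (fam == AF_INET && len >= sizeof sin) {
        memcpy(&sin, buf, sizeof sin);
        map_v4(&dst, &sin.sin_addr);
    } else if (fam == AF_INET6 && len >= sizeof sin6) {
        memcpy(&sin6, buf, sizeof sin6);
        dst = sin6.sin6_addr;                  /* ::ffff:a.b.c.d hits the v4 rules */
    } else {
        return -EAFNOSUPPORT;                  /* policy choice: IP sockets only */
    }
    for (size_t i = 0; i < n; i++)
        if (prefix_match(&dst, &rules[i])) return 0;
    return -EPERM;                             /* policy choice: default deny */
}
```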