mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-02-07 23:13:34 +00:00
d5b8b644c2
Right now, cosmopolitan uses Linux Landlock ABI version 2 on Linux, meaning that the polyfill for unveil() cannot restrict operations such as truncate() (a limitation of Landlock's ABI from then). This means that to restrict truncation operations Cosmopolitan instead has to ban the syscall through a SECCOMP BPF filter, meaning that completely legitimate truncate() calls are blocked However, the newest version of the Landlock ABI (version 3) introduced in Linux 6.2, released in February 2023, implements support for controlling truncation operations. As such, the previous SECCOMP BPF truncate() filtering is no longer needed when the new ABI is available This patch implements unveil truncate support for Linux Landlock ABI version 3 |
||
|---|---|---|
| .. | ||
| bits | ||
| calls | ||
| dns | ||
| fmt | ||
| intrin | ||
| log | ||
| mem | ||
| nexgen32e | ||
| release | ||
| runtime | ||
| sock | ||
| stdio | ||
| str | ||
| thread | ||
| time | ||
| tinymath | ||
| x | ||
| xed | ||
| zipos | ||
| test.mk | ||