Hello tor-dev,
For the last week I was on holiday for the graduation ceremony. I did however manage to get some work done, so for the past 2 weeks I have:
- worked on adding parameter filters for the syscall filter; this is done using both a static list of parameters and a dynamic list configurable at runtime;
- parameter filters currently support numeric and pointer-based parameters such as C strings; pointer-based parameters are referenced in the original tor code through a getter (this was implemented for the 'open' syscall);
- possibly identified a bug in libseccomp which was causing the accept4 syscall to fail to be added to the filter, which was temporarily fixed by accepting all socketcall filters; still need to confirm this with nickm, but for those interested, I believe -117 on this [1] line should be at least -120; my local fix makes everything work fine without socketcall.
As a general conclusion, things are going fine; I am currently trying to figure out what should go in the parameter filter.
Another quick link to my remote branch for the ease of those interested: [2].
Looking forward to some feedback, if you happen to have any!
References:
[1] http://sourceforge.net/p/libseccomp/libseccomp/ci/release-2.1/tree/src/arch-...
[2] https://github.com/cristiantoader/tor-gsoc-capabilities/tree/gsoc-cap-stage2