seccomp-scopes
misc
seccomp-scopes | misc | |
---|---|---|
1 | 3 | |
9 | 6 | |
- | - | |
10.0 | 1.1 | |
about 3 years ago | almost 2 years ago | |
C | Roff | |
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
seccomp-scopes
-
Show HN: Porting OpenBSD Pledge() to Linux
https://github.com/gnoack/seccomp-scopes/blob/master/pledge....
IMHO the better approach on Linux is going to be Landlock (https://landlock.io) in the future. I'd encourage you to look into it.
misc
-
Show HN: Porting OpenBSD Pledge() to Linux
Here's a landlock wrapper for FireFox: https://github.com/62726164/misc/tree/main/go/landlock/firef...
It's more restrictive than Firejail and is not suid.
-
PSA: Serious Security Vulnerability in Tor Browser
I no longer use Tor either (unless I have to for work projects such as remote pentesting).
What is you opinion of Landlock (Linux kernel 5.13 and newer)? If we wrap vanilla FireFox in LandLock, proxy that to tor and use Apparmor/Tomoyo to further limit what FireFox could do (when it gets compromised) then I think that would be a much safer approach than using the Tor Browser Bundle.
Here's a landlock wrapper (in Go) for FireFox: https://github.com/62726164/misc/blob/main/go/landlock/firef...
Also, I've only ever been able to get Tomoyo to work as MAC for FireFox. SELinux and Apparmor were too difficult.
-
Improved Process Isolation in Firefox 100
I firmly believe that isolation is the future of endpoint security. I like experimenting with MACs on Linux. Tomoyo is my favorite major MAC in Linux. And if you have a newer kernel (5.13 or greater), you may like to experiment with landlock. It's pretty cool and unlike FireJail, no suid required. Here's a landlock wrapper for Firefox:
https://github.com/62726164/misc/blob/main/go/landlock/firef...
What are some alternatives?
libseccomp - The main libseccomp repository
fdroid-metadata
capsicum-linux - Linux kernel with Capsicum support
pornhub-dl - :eggplant: A nice cli-wrapper around youtube-dl for downloading videos and following users/channels on pornhub
cosmopolitan - build-once run-anywhere c library
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
firejail - Linux namespaces and seccomp-bpf sandbox