blob: 03786d47c8efe6823ae12ae7e30e613774ab71a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
pledge (OpenBSD command and syscall implementation for Linux)
pledge is a port of OpenBSD's syscall to Linux by Justine Tunney.
This script builds a shared library (to be injected via LD_PRELOAD)
and a command line utility to restrict program execution privileges
and limit parameters such as maximum niceness, cpu time, virtual
memory, file descriptors, child processes, and individual file sizes.
For more info, see: https://justine.lol/pledge/
https://github.com/jart/pledge
NOTES:
* pledge doesn't support 32-bit x86
* pledge help is available via the -h option
* to run pledge at glibc executable load time:
strace -vff bash -c \
'_PLEDGE=4194303,0 LD_PRELOAD=/usr/lib64/pledge/sandbox.so ls'
|
