18 lines
727 B
Plaintext
18 lines
727 B
Plaintext
pledge (OpenBSD command and syscall implementation for Linux)
|
|
|
|
pledge is a port of OpenBSD's syscall to Linux by Justine Tunney.
|
|
This script builds a shared library (to be injected via LD_PRELOAD)
|
|
and a command line utility to restrict program execution privileges
|
|
and limit parameters such as maximum niceness, cpu time, virtual
|
|
memory, file descriptors, child processes, and individual file sizes.
|
|
|
|
For more info, see: https://justine.lol/pledge/
|
|
https://github.com/jart/pledge
|
|
|
|
NOTES:
|
|
* pledge doesn't support 32-bit x86
|
|
* pledge help is available via the -h option
|
|
* to run pledge at glibc executable load time:
|
|
strace -vff bash -c \
|
|
'_PLEDGE=4194303,0 LD_PRELOAD=/usr/lib64/pledge/sandbox.so ls'
|