Diffstat (limited to 'system/pledge/README')
-rw-r--r-- | system/pledge/README | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/system/pledge/README b/system/pledge/README new file mode 100644 index 0000000000..03786d47c8 --- /dev/null +++ b/system/pledge/README @@ -0,0 +1,17 @@ +pledge (OpenBSD command and syscall implementation for Linux) + +pledge is a port of OpenBSD's syscall to Linux by Justine Tunney. +This script builds a shared library (to be injected via LD_PRELOAD) +and a command line utility to restrict program execution privileges +and limit parameters such as maximum niceness, cpu time, virtual +memory, file descriptors, child processes, and individual file sizes. + +For more info, see: https://justine.lol/pledge/ + https://github.com/jart/pledge + +NOTES: +* pledge doesn't support 32-bit x86 +* pledge help is available via the -h option +* to run pledge at glibc executable load time: + strace -vff bash -c \ + '_PLEDGE=4194303,0 LD_PRELOAD=/usr/lib64/pledge/sandbox.so ls' |
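Review bot: The last NOTES item ("to run pledge at glibc executable load time") gives `_PLEDGE=4194303,0` with no explanation of what the two comma-separated numbers mean, and wraps the command in `strace -vff` without saying what strace is there for, so a reader cannot adapt the example to another program or tell which parts are required. Suggest adding a line that explains the `_PLEDGE` value format, and showing the plain `LD_PRELOAD=/usr/lib64/pledge/sandbox.so ls` invocation separately from the strace form. The hard-coded `/usr/lib64/pledge/sandbox.so` path will not match an install that uses a different library directory, so either say that it is the path this script installs to or refer to the installed location generically. In the description, "a port of OpenBSD's syscall to Linux" never names the syscall; "OpenBSD's pledge syscall" would read more clearly.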