#Sydbox 3.50.0 is out: New lock mode "drop" when sandbox policy may only be edited to reduce privileges a la #OpenBSD pledge(2), KCOV/syzkaller support, support for memfd_secret(2) and SCM_PIDFD control message, glob support for ioctl(2) names in sandbox rules (e.g. allow/ioctl+KVM_*), fix for a trusted symlink bypass, new trusted feature to gate unsafe options which can circumvent the sandbox. Sydbox is a rock solid application kernel to sandbox applications on #Linux: https://gitlab.exherbo.org/sydbox/sydbox/-/blob/main/ChangeLog.md?ref_type=heads#3500
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
alip
@alip@mastodon.online
Homo Ludens. I push wood, set traps, write code and poetry. # sydbox is my problem child. I live in # Berlin . I am an # Exherbo # Linux developer. I love # chess , # freesoftware , # poetry , # perl , # c , # rustlang , and # haskell . # Antifa , # Atheist , # fckafd , and # fckakp . Don't come to me with guns, come to me with roses. # Revolution will not be broadcasted on TV. # direngezi ! https:// chesswob.org https:// git.sr.ht/~alip/jja https:// sydbox.exherbolinux.org
mastodon.online
@alip@mastodon.online
·
Mar 01, 2026
1
0
0
Loading comments...