filter syscalls that programs are allowed to make
Improve build_table script
Edited README.md
Add build.sr.ht manifest

refs

master
browse log

clone

read-only
https://git.sr.ht/~nullp0tr/filt
read/write
git@git.sr.ht:~nullp0tr/filt

builds.sr.ht status

filt

Filter what syscalls programs are allowed to call without needing root. The main motivation for this tool was running a program without internet access. It could've been done with unshare in theory, but using unshare -nr messed up the program's perception of what the home path was.

Warning: this should not be used as a security tool!

build

$ git clone https://git.sr.ht/~nullp0tr/filt && cd filt && make

usage

$ filt open close openat socket -- ls -la