sys_linux: add syscall filter context for NTS-KE

The NTS-KE helper process will use a more restrictive filter than the main process.
2026-01-20 21:00:20 -05:00 · 2019-11-26 14:16:47 +01:00
parent e6848b1e3f
commit 1d4690eb64
2 changed files with 40 additions and 35 deletions
--- a/sys.h
+++ b/sys.h
@@ -40,6 +40,7 @@ extern void SYS_DropRoot(uid_t uid, gid_t gid);

 typedef enum {
  SYS_MAIN_PROCESS,
+  SYS_NTSKE_HELPER,
 } SYS_SystemCallContext;

 /* Enable a system call filter to allow only system calls