mirror of
https://github.com/joleuger/vuinputd.git
synced 2026-07-18 00:45:07 +00:00
22 lines
No EOL
571 B
Markdown
22 lines
No EOL
571 B
Markdown
# Security
|
|
|
|
## Small code base
|
|
|
|
## Fuzzing
|
|
|
|
## Audit
|
|
|
|
## Unsafe code
|
|
|
|
Known problem: A lot of unsafe code. Open are ideas to mitigate this issue.
|
|
|
|
## seccomp, AppArmor, SELinux, cgroups mounts, /sys read-write
|
|
|
|
This is a big TODO. Which permissions can be reduced. Now we assume we are quite privileagued:
|
|
- We have all Linux kernel capabilities,
|
|
- The default seccomp profile is disabled,
|
|
- The default AppArmor profile is disabled,
|
|
- The default SELinux process label is disabled,
|
|
- all host devices are accessible,
|
|
- /sys is read-write,
|
|
- cgroups mount is read-write. |