{"id":17145989,"url":"https://github.com/foxcpp/scmp-confine","last_synced_at":"2025-07-07T04:09:23.957Z","repository":{"id":98733654,"uuid":"232605746","full_name":"foxcpp/scmp-confine","owner":"foxcpp","description":"Simple CLI wrapper for libseccomp library written in Go.","archived":false,"fork":false,"pushed_at":"2020-01-08T16:35:16.000Z","size":7,"stargazers_count":3,"open_issues_count":4,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2023-03-02T22:11:45.586Z","etag":null,"topics":["seccomp","seccomp-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foxcpp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-08T16:22:47.000Z","updated_at":"2024-06-19T10:05:12.185Z","dependencies_parsed_at":"2023-03-13T15:55:39.754Z","dependency_job_id":null,"html_url":"https://github.com/foxcpp/scmp-confine","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/foxcpp/scmp-confine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fscmp-confine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fscmp-confine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fscmp-confine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fscmp-confine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foxcpp","download_url":"https://codeload.github.com/foxcpp/scmp-confine/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foxcpp%2Fscmp-confine/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264010960,"owners_count":23543717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["seccomp","seccomp-tools"],"created_at":"2024-10-14T21:07:31.277Z","updated_at":"2025-07-07T04:09:23.938Z","avatar_url":"https://github.com/foxcpp.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# scmp-confine\n\nSimple CLI wrapper for libseccomp library written in Go.\n\n## Installation\n\n- Go 1.11\n- C compiler\n- libseccomp library and headers\n\n```\ngo get github.com/foxcpp/scmp-confine\n```\n\n## Usage\n\nSee `-help` output:\n```\nUsage of ./scmp-confine:\n  -allow-calls value\n    \tCommand-separated list of system calls to allow without restrictions\n  -config value\n    \tLoad arguments from configuration file\n  -default-act value\n    \tAction to apply for all other system calls. Valid values: kill, trap, errno, allow, log (default errno)\n  -dump-bpf\n    \tDump generated filter in BPF format to stdout\n  -dump-pfc\n    \tDump generated filter in PFC format to stdout\n  -errno value\n    \tError to return when 'errno' action is used (default EPERM)\n  -errno-calls value\n    \tCommand-separated list of calls to return error on\n  -kill-calls value\n    \tCommand-separated list of calls to kill process on\n  -log-calls value\n    \tCommand-separated list of system calls to log to audit log\n  -permit-escalation\n    \tDo not set 'no new privileges' bit\n  -trap-calls value\n    \tCommand-separated list of calls to send SIGSYS on\n```\n\n```\n$ scmp-confine -config /etc/scmp-confine/usr.bin.telegram-desktop.yml /usr/bin/telegram-desktop\n```\n\n## Configuration files\n\nExample of configuration file that can be used with the `-config` argument.\n\n```yaml\ndefault_action: errno\nerrno: EPERM\npermit_escalation: false\nallow_calls:\n- poll\nerrno_calls:\n- setuid\nkill_calls:\n- seccomp\nlog_calls:\n- open\n```\n\nIf `-config` is used with other arguments, command line arguments overrid\nconfiguration values for singular options, lists are concatenated.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoxcpp%2Fscmp-confine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoxcpp%2Fscmp-confine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoxcpp%2Fscmp-confine/lists"}