https://github.com/gcmurphy/forkoff
prevent forking of external processes via kafel + neon + node.js
https://github.com/gcmurphy/forkoff
help-wanted kafel neon nodejs rust seccomp
Last synced: about 1 month ago
JSON representation
prevent forking of external processes via kafel + neon + node.js
- Host: GitHub
- URL: https://github.com/gcmurphy/forkoff
- Owner: gcmurphy
- Created: 2017-12-20T08:57:30.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2017-12-21T04:57:40.000Z (almost 8 years ago)
- Last Synced: 2025-03-24T18:49:42.044Z (7 months ago)
- Topics: help-wanted, kafel, neon, nodejs, rust, seccomp
- Language: Rust
- Size: 5.86 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# forkoff
Experiment that uses kafel to set seccomp filters to prevent forking
Really bad prototype using neon + rust to build bindings.
Currently an EPERM error will be raised when you try to run a process.
## Hacking
### Install submodules:
```
git submodule update --init --recursive
```
### Install Rust
```
curl https://sh.rustup.rs -sSf | sh
```
### Install [Neon](https://www.neon-bindings.com/)
```
npm install -g neon-cli
```
### Ensure libkafel is built and accessible
* build.rs will look for the file in the root directory
* node expects libkafel.so.1 to exist so you need to symlink or rename
```
cd vendor/kafel
make
cp libkafel.so ../../
cp libkafel.so ../../../libkafel.so.1
```
### Run the build
```
neon build
```
### Run the demo
```
npm start
```