SB++: Sandbox applications

Namespace List
| Namespace | Description |
|---|---|
| arg | A general-purpose, flexible command-line argument handler. This file includes the definitions needed to create a powerful command-line argument handler. Both `--switch` and `-s` formatting are supported, as is combining multiple short switches, e.g. `-vvu`. Lists are also supported, and values can be provided with `=`, with a space, or, for lists, by invoking the switch several times. Mandatory arguments are supported as well. Modifier tags and lambdas can extend argument functionality considerably. |
| binaries | Binary dependency resolution. This header contains the functions needed to determine the dependencies of binary files. It handles traditional ELF binaries by leveraging `ldd` through `libraries.hpp`, but also tokenizes and parses shell scripts to extract shebangs and the commands they invoke, for dynamic dependency resolution. This support is far more nuanced than in Python-SB: variables are taken into account, and the shell interpreter itself is used to uncover libraries and binaries that were inaccessible to the old tokenizer. |
| generate | Generator functions. This header contains the generator functions used either to assemble the `bwrap` command or as auxiliary helpers. |
| libraries | Shared-library dependency resolution. This header contains all the functions needed to resolve the shared libraries required by ELF binaries, using threaded calls to `ldd`. Unlike Python-SB, SB++ computes dependencies in one shot, including both wildcards and directories, so no additional computation is needed when `setup()` is called; it can simply copy the found files to the SOF. `ldd` is the major bottleneck, so the two implementations are comparable in speed for library resolution. |
| shared | Shared functionality. |
| syscalls | Syscall filter generation. This header includes the `filter()` command for generating a SECCOMP-BPF filter that restricts syscalls within the sandbox. Moving to C/C++ allows us to use the libseccomp library directly, which is already installed on any systemd system, avoiding a dependency whose Python bindings are packaged separately. Implementation-wise, the groups have been removed, as have numerical syscall numbers. Groups were a bad idea from the start: any scheme that combines syscalls introduces more attack surface, especially when a grouping is made broad enough that a filter can be written by hand, which was the original goal. This also means that specifying syscalls on the command line is not supported. Secondly, while portability of the application folders is not a must, numerical syscalls make the files nebulous and system-specific. |