13 lines
650 B
Plaintext
13 lines
650 B
Plaintext
systrace (interactive policy generation for system calls)
|
|
|
|
Systrace enforces system call policies for applications by constraining
|
|
the application's access to the system. The policy is generated
|
|
interactively. Operations not covered by the policy raise an alarm,
|
|
allowing an user to refine the currently configured policy.
|
|
|
|
By default, this build includes a GTK+ GUI frontend (gtk-systrace), which
|
|
will be started by systrace as needed. To build without the GUI (e.g. for
|
|
use on headless servers), set GUI=no in the script's environment. In
|
|
this case, you'll have to run systrace with the -t option to prevent it
|
|
trying to start the nonexistant GUI.
|