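# Nix package expression for syscall_limiter. It installs the `limit_syscalls`
# binary and upstream's `monitor.sh` helper (as `limit_syscalls_monitor.sh`),
# and links against libseccomp.
{ lib, stdenv
, fetchFromGitHub
, libseccomp
, perl
, which
}:

stdenv.mkDerivation {
  pname = "syscall_limiter";
  version = "2017-01-23";

  # The source is pinned to a full commit id plus a content hash, so the fetch
  # fails if the upstream repository serves different content for this rev.
  # NOTE(review): the pin dates from 2017. This tool is meant to restrict
  # syscalls, so check upstream for later fixes before relying on it as a
  # sandbox boundary.
  src = fetchFromGitHub {
    owner = "vi";
    repo = "syscall_limiter";
    rev = "481c8c883f2e1260ebc83b352b63bf61a930a341";
    sha256 = "0z5arj1kq1xczgrbw1b8m9kicbv3vs9bd32wvgfr4r6ndingsp5m";
  };

  buildInputs = [ libseccomp ];

  # A custom installPhase replaces the default one, so the pre/post hooks are
  # called explicitly. Without them, preInstall/postInstall set by an override
  # would be skipped silently.
  #
  # The substitutions point the helper script at store paths for perl and
  # which, so it does not resolve them through the caller's PATH.
  # NOTE(review): `--replace` rewrites every occurrence of the literal strings
  # "perl" and "which", including any in comments or inside longer words.
  # Confirm against monitor.sh that only the intended command names match. On
  # nixpkgs releases that provide `--replace-fail`, using it turns a pattern
  # that no longer matches into a build error.
  installPhase = ''
    runHook preInstall

    mkdir -p "$out/bin"
    cp -v limit_syscalls "$out/bin"
    cp -v monitor.sh "$out/bin/limit_syscalls_monitor.sh"
    substituteInPlace "$out/bin/limit_syscalls_monitor.sh" \
      --replace perl ${perl}/bin/perl \
      --replace which ${which}/bin/which

    runHook postInstall
  '';

  meta = with lib; {
    description = "Start Linux programs with only selected syscalls enabled";
    homepage = "https://github.com/vi/syscall_limiter";
    license = licenses.mit;
    maintainers = with maintainers; [ obadz ];
    # Restricted to Linux: the package depends on libseccomp.
    platforms = platforms.linux;
  };
}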