Everything that you do using this app is your responsibility.
This app allows you to run a app more securely.
This app can be used to see what files a program accesses and what permissions using the -akns flags.
You can use -a to allow access to all the files.
You can use -k to allow the program to send a kill to any process.
You can use -n to allow network syscalls.
You can use -s to save the permissions.zon after all the processes ended.
You can use -u to allow unknown syscalls.
You can use -i for interactive mode when the process tries to access a file or kill a process.
The program relative or absolute path needs to be after -- the program will not be searched in the PATH
The permissions.zon will be used from the current directory in that the secure-run is runed.
permissions are laid out in a list.
Every entry has a perm and path fields, the first is the perm and path is second.
Falid perm
nonenot permission, secure-run will never save this permission with-sfthe file will be visible to the programrthe file will have read permissions to the programwthe file will have write permissions to the programxthe file will have executabile permissions to the program
When we have more permissions they will be laid out like: frwx for all of them.
xwrfis not a validperm.fris a validperm.fwis a validperm.fwris not a validperm.
The path can be a absolute path or a wild path.
A path should always start with /.
A wild path will be /usr/bin/* what permission this has set any other file inside this file will have that permission.
You can have a read permission to /usr/* and a none to /usr/bin/* to restrict access to /usr/bin
This is with not permissions.
.{
}
This is that allows read access any file from /etc
.{
.{ .fr, "/etc/*" },
}
This is the recommended permissions.zon for the most programs to work using interactive mode.
.{
.{ .fr, "/lib/*" },
.{ .frx, "/bin/*" },
.{ .fr, "/usr/lib/*" },
.{ .frx, "/usr/bin/*" },
.{ .fr, "/etc/*" },
.{ .fr, "/sys/*" },
.{ .fr, "/var/*" },
}