diff options
Diffstat (limited to 'system/systrace/README')
-rw-r--r-- | system/systrace/README | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/system/systrace/README b/system/systrace/README new file mode 100644 index 0000000000000..ed5bd49364c69 --- /dev/null +++ b/system/systrace/README @@ -0,0 +1,12 @@ +systrace (interactive policy generation for system calls) + +Systrace enforces system call policies for applications by constraining +the application's access to the system. The policy is generated +interactively. Operations not covered by the policy raise an alarm, +allowing an user to refine the currently configured policy. + +By default, this build includes a GTK+ GUI frontend (gtk-systrace), which +will be started by systrace as needed. To build without the GUI (e.g. for +use on headless servers), set GUI=no in the script's environment. In +this case, you'll have to run systrace with the -t option to prevent it +trying to start the nonexistant GUI. |