OK, at the moment there are two features we'd like to be supported, and they are interconnected. Hopefully, neither issue should present much technical complexity:
- Allow for duplicate rules
- Allow for including other rule files. For example, we might want to have some sort of global whitelist or blacklist for system calls, and include these in the configurations for all individual applications. This will make it easy to configure rules for common components/libraries, and in the event that a new version of a critical system library invokes an unexpected syscall, it should automatically "fix" all existing applications that are linked to it.
Finally, I'll tag Dave on this one, but there might be some value in allowing us to load a custom list of constant definitions rather than relying on the prepackaged list...
OK, at the moment there are two features we'd like to be supported, and they are interconnected. Hopefully, neither issue should present much technical complexity:
Finally, I'll tag Dave on this one, but there might be some value in allowing us to load a custom list of constant definitions rather than relying on the prepackaged list...