pkgs/by-name/sy/syscall_limiter/package.nix

   1 { lib, stdenv
   2 , fetchFromGitHub
   3 , libseccomp
   4 , perl
   5 , which
   6 }:
   7
   8 stdenv.mkDerivation {
   9   pname = "syscall_limiter";
  10   version = "2017-01-23";
  11
  12   src = fetchFromGitHub {
  13     owner  = "vi";
  14     repo   = "syscall_limiter";
  15     rev    = "481c8c883f2e1260ebc83b352b63bf61a930a341";
  16     sha256 = "0z5arj1kq1xczgrbw1b8m9kicbv3vs9bd32wvgfr4r6ndingsp5m";
  17   };
  18
  19   buildInputs = [ libseccomp ];
  20
  21   installPhase = ''
  22     mkdir -p $out/bin
  23     cp -v limit_syscalls $out/bin
  24     cp -v monitor.sh $out/bin/limit_syscalls_monitor.sh
  25     substituteInPlace $out/bin/limit_syscalls_monitor.sh \
  26       --replace perl ${perl}/bin/perl \
  27       --replace which ${which}/bin/which
  28   '';
  29
  30   meta = with lib; {
  31     description = "Start Linux programs with only selected syscalls enabled";
  32     homepage    = "https://github.com/vi/syscall_limiter";
  33     license     = licenses.mit;
  34     maintainers = with maintainers; [ obadz ];
  35     platforms   = platforms.linux;
  36   };
  37 }