| SYD-LDD(1) | General Commands Manual | SYD-LDD(1) |
NAME
syd-ldd - print shared object dependencies in a secure way
SYNOPSIS
syd-ldd [option]... file...
DESCRIPTION
The syd-ldd utility is meant to be used as a secure alternative to ldd(1). It creates a syd sandbox and runs ldd(1) under it with restricted privileges.
INVOCATION
syd-ldd utility is equivalent to invoking the following command:
syd
-pimmutable
-msandbox/read:on
-msandbox/stat:off
-msandbox/exec:on
-msandbox/write:on
-msandbox/net:on
-msandbox/lock:on
-mallow/read+/etc/ld-*.path
-mallow/read+/etc/locale.alias
-mallow/read+/usr/share/locale*/**/*.mo
-mallow/read+/usr/share/locale*/locale.alias
-mallow/read+/usr/lib*/locale*/locale-archive
-mallow/read+/usr/lib*/**/gconv-modules*
-mallow/read+/usr/**/LC_{ALL,COLLATE,CTYPE,IDENTIFICATION,MESSAGES}
-mallow/read+/**/*.so.[0-9]*
-mallow/exec+/lib/**/ld-linux*.so.[0-9]
-mallow/exec+/usr/lib*/**/ld-linux*.so.[0-9]
-mallow/write+/dev/null
-mallow/lock/read+/
-mallow/lock/write+/dev/null
-mallow/read,write+/dev/tty
-mallow/read,exec+/path/to/ldd
/path/to/ldd -- args...
SEE ALSO
syd(1), syd(2), syd(5), ldd(1)
syd homepage: https://sydbox.exherbolinux.org/
AUTHORS
Maintained by Ali Polatel. Up-to-date sources can be found at https://gitlab.exherbo.org/sydbox/sydbox.git and bugs/patches can be submitted to https://gitlab.exherbo.org/groups/sydbox/-/issues. Discuss in #sydbox on Libera Chat.
| 2025-02-14 |