Marco Allegretti 98a21da734 feat(runtime): seccomp blocklist filter via optional seccomp feature ... Add seccomp feature flag (seccompiler + libc, Linux-only, optional). When compiled with --features seccomp, weft-runtime installs a SECCOMP_MODE_FILTER immediately after argument parsing, before any package resolution or WASM execution. Filter strategy: default-allow with explicit KillProcess rules for high-risk syscalls a WASM runtime process has no legitimate need for: ptrace, process_vm_readv/writev, kexec_load, personality, syslog, reboot, mount/umount2, setuid/setgid/setreuid/setregid/setresuid/ setresgid, chroot, pivot_root, init_module/finit_module/delete_module, bpf, perf_event_open, acct. The feature is off by default so the standard build and tests are unaffected. Enable in production service builds with --features seccomp.		2026-03-11 15:34:21 +01:00
..
weft-appd	feat(appd): wrap runtime in systemd-run cgroup scope when user session is active	2026-03-11 15:25:04 +01:00
weft-build-meta	Initialize Rust workspace and repository metadata	2026-03-10 18:47:06 +01:00
weft-compositor	feat(protocol): add wl_surface arg to create_window in weft-shell-unstable-v1	2026-03-11 14:33:17 +01:00
weft-ipc-types	feat(ipc-types): add weft-ipc-types crate with compositor-appd message types and frame framing	2026-03-11 14:17:48 +01:00
weft-pack	feat(pack): Ed25519 package signing -- generate-key, sign, verify subcommands	2026-03-11 15:29:49 +01:00
weft-runtime	feat(runtime): seccomp blocklist filter via optional seccomp feature	2026-03-11 15:34:21 +01:00
weft-servo-shell	feat(servo-shell): implement weft-shell-protocol Wayland client	2026-03-11 14:59:58 +01:00