A support for Lua-scriptable syscall tampering and filtering will be added. It will be possible to inspect syscall arguments (including structures/unions of arbitrary complexity, given that their definitions are provided), passed both by value and by pointer (and write modified values back in case of the latter) using LuaJIT's FFI library or a compatible one (there are currently a standalone implementation of FFI library abandoned since 2013 and its fork by Facebook).

It will also be possible to perform fault/success/signal injection.

A pull-style C API, as LuaJIT's FFI documentation suggests for minimizing context switching between C and Lua and thus maximizing performance, will be implemented, but a helper library written in Lua will wrap it to provide a convenient push-style one.

Of course, everything added will be documented and tested well.



Viktor Krapivenskiy


  • Eugene Syromyatnikov
  • Dmitry Levin