Simple Sandbox

Let's try to create a simple sandbox and in turn learn the inner workings of linux security primitives like seccomp, cgroups and namespaces

You can find detailed explanations inside each folder.

At first let's try to work with seccomp which means secure computing mode.

1. Running simple C program inside sandbox

At first we will try to run a simple c program inside a sandbox using execve

2. Seccomp strict mode

We will see how seccomp strict mode allows a very strict pool of system call

3. Add filter to sandbox

Using seccomp rules we initialize sandbox to block everything, then add rules to allow the bare minimum.

4. Get Resource Usage

We will try to find the resource usage of the sandboxed process. We will also refactor the code to allow monitoring the child.

5. Set Resource Usage

In this part we will limit the resource usage of the sandboxed program to a certain upper bound.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
1. Run Simple C File		1. Run Simple C File
2. Using Seccomp Strict Mode		2. Using Seccomp Strict Mode
3. Add Rule Filters		3. Add Rule Filters
4. Get Resource Usage		4. Get Resource Usage
5. Limit Resource Usage		5. Limit Resource Usage
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Simple Sandbox

1. Running simple C program inside sandbox

2. Seccomp strict mode

3. Add filter to sandbox

4. Get Resource Usage

5. Set Resource Usage

About

Releases

Packages

Languages

TamimEhsan/Simple-Sandbox

Folders and files

Latest commit

History

Repository files navigation

Simple Sandbox

1. Running simple C program inside sandbox

2. Seccomp strict mode

3. Add filter to sandbox

4. Get Resource Usage

5. Set Resource Usage

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages