Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
53 lines (31 sloc) 1.57 KB

seccomp-nurse

Compatibility

  • Works only with 32bits Linux based system. Author used Debian Lenny.
  • You must install libevent-dev

About

seccomp-nurse is a sandboxing framework based on SECCOMP.

How to use it?

 $ git clone git://github.com/nbareil/seccomp-nurse.git
 $ cd seccomp-nurse/
 $ make
 $ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt

Easy, isn’t it?

Current limitations

  • dlopen() not supported yet
  • clone() (so fork() and threads) will never be supported
  • socket(): work in progress!
  • exec*() will never be supported

At the moment, there is no security check implemented. The sandbox is wide open! It will be the next step.

References

Availability

seccomp-nurse is a free software available under the GNU Public Licence 2! Sources are availables on github: http://github.com/nbareil/seccomp-nurse/

Acknowledgment

This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.