Sandboxing framework based on SECCOMP

seccomp-nurse

Compatibility

  • Works only on 32-bit Linux-based systems. The author used Debian Lenny.
  • You must install libevent-dev

About

seccomp-nurse is a sandboxing framework based on SECCOMP.

How to use it?

 $ git clone git://github.com/nbareil/seccomp-nurse.git
 $ cd seccomp-nurse/
 $ make
 $ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt

Easy, isn’t it?

Current limitations

  • dlopen() not supported yet
  • clone() (so fork() and threads) will never be supported
  • socket(): work in progress!
  • exec*() will never be supported

At the moment, no security checks are implemented. The sandbox is wide open! Adding them is the next step.

References

Availability

seccomp-nurse is free software available under the GNU Public Licence 2! Sources are available on GitHub: http://github.com/nbareil/seccomp-nurse/

Acknowledgment

This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.