Currently the seccomp sandbox works as a library. After starting up, a process can enable the sandbox. This means the sandbox is limited to trusted programs that wish to run parts of themselves untrusted.

It would be good if the seccomp sandbox could be applied to existing programs. To run an existing executable, we would have to enable sandboxing before the executable's code is run. Furthermore, we don't want to have to modify glibc's dynamic linker (ld.so), or trust it. So we would need to enable sandboxing before the dynamic linker gets control too.

We would need to support whatever syscalls ld.so does on startup. One case of this is ld.so's TLS initialisation. On i386, this uses set_thread_area(). On x86-64, it uses arch_prctl()+ARCH_SET_FS.

There is a design sketch for this at http://plash.beasts.org/wiki/SeccompSandbox
Original issue reported on code.google.com by mseaborn@chromium.org on 11 Nov 2010 at 4:05
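As an added illustration of the launch-time approach the issue describes (example code, not the library-based sandbox from this issue and not the plash design sketch): a small launcher that installs a seccomp-bpf syscall allow-list under PR_SET_NO_NEW_PRIVS and then execve()s the target. seccomp-bpf is a later kernel mechanism than the sandbox discussed here, but it shows the mechanics of the point being made: the filter is inherited across execve(), so it is already in force when ld.so gets control and does its TLS setup (arch_prctl()+ARCH_SET_FS on x86-64, set_thread_area() on i386), which is why those calls must be on the list. The function names and the allow-list contents are this example's own assumptions; a real list of startup syscalls would be derived by tracing ld.so. The example also includes a tiny user-space evaluator for the three BPF instruction forms it emits, so the program can be checked before it is installed.

```c
/* Added example: seccomp-bpf launcher installing an allow-list before execve().
 * Not the issue's sandbox or plash code; names and the list are assumptions. */
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers lack this name */
#endif

#if defined(__x86_64__)
#define SANDBOX_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define SANDBOX_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define SANDBOX_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "set SANDBOX_AUDIT_ARCH for this architecture"
#endif

/* Assumed set of syscalls ld.so makes while starting a dynamically linked
 * program. Illustrative only; derive the real list by tracing ld.so. */
static const int startup_allowlist[] = {
#ifdef SYS_arch_prctl
    SYS_arch_prctl,      /* x86-64 TLS setup: arch_prctl(ARCH_SET_FS, ...) */
#endif
#ifdef SYS_set_thread_area
    SYS_set_thread_area, /* i386 TLS setup */
#endif
#ifdef SYS_access
    SYS_access,
#endif
#ifdef SYS_newfstatat
    SYS_newfstatat,
#endif
#ifdef SYS_fstat
    SYS_fstat,
#endif
#ifdef SYS_readlink
    SYS_readlink,
#endif
#ifdef SYS_rseq
    SYS_rseq,
#endif
#ifdef SYS_getrandom
    SYS_getrandom,
#endif
    SYS_execve, /* the launcher's own exec of the target, made after install */
    SYS_brk, SYS_mmap, SYS_mprotect, SYS_munmap,
    SYS_openat, SYS_read, SYS_pread64, SYS_close,
    SYS_set_tid_address, SYS_set_robust_list, SYS_prlimit64,
    SYS_rt_sigprocmask, SYS_rt_sigaction, SYS_futex,
    SYS_write, SYS_exit, SYS_exit_group,
};
#define ALLOWLIST_LEN (sizeof startup_allowlist / sizeof startup_allowlist[0])

static int startup_syscall_allowed(int nr)
{
    for (size_t i = 0; i < ALLOWLIST_LEN; i++)
        if (startup_allowlist[i] == nr)
            return 1;
    return 0;
}

/* Emit the BPF program: kill on a foreign architecture (so 32-bit syscall
 * numbers cannot alias 64-bit ones), then allow only the listed numbers. */
static int build_startup_filter(struct sock_filter *out, size_t cap)
{
    size_t need = 4 + 2 * ALLOWLIST_LEN + 1, n = 0;
    if (cap < need)
        return -1;
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_AUDIT_ARCH, 1, 0);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < ALLOWLIST_LEN; i++) {
        out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)startup_allowlist[i], 0, 1);
        out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    return (int)n;
}

/* User-space evaluator for the three instruction forms emitted above, so the
 * program can be checked before it is installed. Fails closed on anything else. */
static unsigned int filter_verdict(const struct sock_filter *prog, int len, unsigned int arch, int nr)
{
    struct seccomp_data d;
    unsigned int acc = 0;
    memset(&d, 0, sizeof d);
    d.arch = arch;
    d.nr = nr;
    for (int pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (const char *)&d + in->k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K: return in->k;
        default: return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Build the program and evaluate it for one (arch, syscall number) pair. */
static unsigned int filter_verdict_for(unsigned int arch, int nr)
{
    struct sock_filter prog[128];
    int len = build_startup_filter(prog, sizeof prog / sizeof prog[0]);
    return len < 0 ? SECCOMP_RET_KILL_PROCESS : filter_verdict(prog, len, arch, nr);
}

/* NO_NEW_PRIVS lets an unprivileged process install the filter, and the filter
 * is inherited across execve(), so it is in force before ld.so runs. */
static int install_startup_filter(void)
{
    struct sock_filter prog[128];
    int len = build_startup_filter(prog, sizeof prog / sizeof prog[0]);
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (len < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s /path/to/program [args...]\n", argv[0]); return 2; }
    if (install_startup_filter() != 0) { perror("seccomp"); return 1; }
    execv(argv[1], argv + 1); /* from here on, the target and ld.so run filtered */
    perror("execv");
    return 1;
}
```

The launcher's own execve() is on the list because the filter is already active when that call is made; anything ld.so or the program needs beyond the list is killed rather than silently failing, which is the behaviour one wants while building the list up from a trace.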