This project is now archived. It was a fun project but it does not compile/run anymore and there are far better mechanisms that have been implemented now: firejail, crosvm, gvisor, etc.
seccomp-nurse is a sandboxing framework based on
How to use it?
$ git clone git://github.com/nbareil/seccomp-nurse.git
$ cd seccomp-nurse/
$ make
$ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt
Easy, isn’t it?
- dlopen(): not supported yet
- fork() (and threads) will never be supported
- socket(): work in progress!
- exec*() will never be supported
At the moment, there is no security check implemented. The sandbox is wide open! It will be the next step.
- Blog post about "SECCOMP as a sandboxing solution?"
- Blog post about "How system calls work on Linux?"
- Chrome browser:
seccomp-nurse is free software available under the GNU Public Licence 2! Sources are available on GitHub: http://github.com/nbareil/seccomp-nurse/