seccomp-nurse is a sandboxing framework based on SECCOMP.

How to use it?

 $ git clone git://
 $ cd seccomp-nurse/
 $ make
 $ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt

Easy, isn’t it?

Current limitations

  • dlopen() not supported yet
  • clone() (so fork() and threads) will never be supported
  • socket(): work in progress!
  • exec*() will never be supported

At the moment, there is no security check implemented. The sandbox is wide open! It will be the next step.



seccomp-nurse is a free software available under the GNU Public Licence 2! Sources are availables on github:


This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.