Google's Chromium sandbox
Posted Aug 20, 2009 14:41 UTC (Thu) by paragw (guest, #45306)In reply to: Google's Chromium sandbox by mingo
Parent article: Google's Chromium sandbox
Does this approach work on a per-process basis? I.e. do the restrictions apply to a particular process/thread while others are not impacted?

How would one deal with which process can specify which other process or thread can do what syscalls with what arguments, and is the change permanent and localized w.r.t. the target thread? How does one go about safely modifying the restrictions dynamically, e.g. when the restricted thread needs to open an FD with user permission that wasn't in the originally specified restrictions list?

From what you described there seem to be some significant usability problems (need to have tracing enabled, debug file system mounted, user-space access to the filtering mechanism, per-PID operation etc.) that need to be addressed before it can become generally usable?
Posted Aug 20, 2009 19:33 UTC (Thu) by mingo (guest, #31122)
Does this approach work on a per process basis? I.e. do the restrictions apply to a particular process/thread while others are not impacted?
It's an engine - and as such it takes ASCII strings, turns them into a 'filter object' in essence which you can then attach to anything and pass in values to evaluate.
Note that there's nothing 'tracing' about that concept.
Right now we attach such filters to tracepoints - such as syscall tracepoints.
It could be attached via seccomp and to an untrusted process as well, with a minimal amount of code, if there's interest to share this facility for such purposes.
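The per-process, argument-aware, permanent syscall restriction paragw asks about is what seccomp filter mode (merged later, in Linux 3.5) provides. The example below is added here and is not code from the thread, from Chromium, or from the ftrace filter engine mingo describes. It installs a classic-BPF seccomp filter that allows every syscall except write(2), which is permitted only on fd 1 and otherwise fails with EPERM; the filter is per-thread, inherited across fork() and execve(), and cannot be removed. run_filter() is an assumed helper, a small host-side interpreter for the three instruction kinds the policy uses, so the program can be evaluated against constructed seccomp_data records without installing it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers only define SECCOMP_RET_KILL */
#endif

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Policy: every syscall is allowed except write(2), which is allowed only on fd 1;
 * any other fd gets EPERM back without the syscall being performed. */
size_t build_filter(struct sock_filter *p, size_t cap)
{
    const struct sock_filter prog[] = {
        /* Check the ABI first: otherwise the __NR_* numbers below mean something else. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number; anything but write() jumps 3 ahead to ALLOW. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 0, 3),
        /* args[0] is the fd. On little-endian targets this offset is the low 32 bits,
         * which is exactly what the kernel's 'unsigned int fd' parameter sees. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    size_t n = sizeof(prog) / sizeof(prog[0]);
    if (n > cap)
        return 0;
    memcpy(p, prog, sizeof(prog));
    return n;
}

/* Assumed helper, not the kernel's BPF engine: interprets LD_ABS, JEQ and RET so the
 * policy can be exercised on constructed seccomp_data records. Fails closed otherwise. */
uint32_t run_filter(const struct sock_filter *p, size_t n, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *ins = &p[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (ins->k + sizeof(acc) > sizeof(*d))
                return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const unsigned char *)d + ins->k, sizeof(acc));
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf; /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end; the kernel rejects such programs */
}

/* Install the filter on the calling thread. NO_NEW_PRIVS is required for an unprivileged
 * caller and stops a later execve() of a setuid binary from running under our policy. */
int install_filter(void)
{
    struct sock_filter insns[16];
    size_t n = build_filter(insns, sizeof(insns) / sizeof(insns[0]));
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };
    if (n == 0)
        return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    /* From here on the filter is permanent for this thread and inherited by its children. */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    if (install_filter() != 0) {
        perror("install_filter");
        return 1;
    }
    const char msg[] = "write to fd 1 is allowed\n";
    if (write(1, msg, sizeof(msg) - 1) < 0)
        perror("write(1)");
    /* fd 2 is not on the allow list: the kernel returns EPERM without running the syscall. */
    if (write(2, "x", 1) < 0 && errno == EPERM)
        printf("write to fd 2 refused with EPERM, as the filter specifies\n");
    return 0;
}
```

Note the answer this gives to the "dynamic modification" question: a seccomp filter can only be tightened (a thread may stack further filters), never loosened, so an fd the sandboxed thread was not allowed to open itself has to be handed to it by a broker process, which is how Chromium's design works.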