
Deferring seccomp decisions to user space

Posted Jun 2, 2018 19:14 UTC (Sat) by smurf (subscriber, #17840)
Parent article: Deferring seccomp decisions to user space

Wouldn't handling of these calls be a whole lot easier if there was a way to tell the monitored program to proceed with the syscall in question? I'd assume that calls like open() or exec() on behalf of the tracee are a major PITA to do correctly – in other words: a security hole in waiting.


Deferring seccomp decisions to user space

Posted Jun 2, 2018 20:07 UTC (Sat) by TheJH (subscriber, #101155)

But doing that reasonably safely (without race conditions) is a big PITA, especially if the sandboxed process is multithreaded. If you look at the path argument of an open() call and use that to determine whether the call should be allowed, it's probably safest to do the actual open() in the supervisor process and then install the resulting FD in the sandboxed process.

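The pattern TheJH describes, written out as an added example; this is not code from the thread or from the kernel patches the article covers. It assumes Linux 5.9 or later so that SECCOMP_IOCTL_NOTIF_ADDFD is available (user notification itself dates from 5.0); the function names (install_filter, xfer_fd, supervise_one, run_demo), the read-only "/dev/null" allowlist and the child's two probe openat() calls are constructed for the demo. The supervisor copies the pathname out of the tracee's memory exactly once, checks that the notification is still live with SECCOMP_IOCTL_NOTIF_ID_VALID (the pid could have been reused while it was reading), performs the open() itself and injects the resulting descriptor into the tracee, so the tracee's own openat() never runs.

```c
/* Added example, not code from the LWN thread or the patches it discusses: a supervisor
 * for SECCOMP_RET_USER_NOTIF that opens the file itself and installs the fd (Linux >= 5.9). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SECCOMP_IOCTL_NOTIF_ADDFD                   /* uapi headers older than 5.9 */
struct seccomp_notif_addfd { __u64 id; __u32 flags, srcfd, newfd, newfd_flags; };
#define SECCOMP_IOCTL_NOTIF_ADDFD SECCOMP_IOW(3, struct seccomp_notif_addfd)
#endif
#define ALLOWED_PATH "/dev/null"                    /* constructed allowlist for the demo */
/* Child side: openat() goes to the listener, all else passes (a real filter checks arch too). */
static int install_filter(void)
{
    struct sock_filter filt[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 0),      /* offsetof(seccomp_data, nr) == 0 */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = filt };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
}

/* Hand the listener fd to the supervisor over a unix socket (SCM_RIGHTS). */
static int xfer_fd(int sock, int fd, int sending)
{
    char ctl[CMSG_SPACE(sizeof(int))] = {0}, byte = 'x';
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1 || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Answer one notification; returns 1 if this environment cannot run the demo (request still answered). */
static int supervise_one(int lfd)
{
    struct seccomp_notif req;
    char path[4096], memp[40];
    ssize_t n = -1; int mfd, fd = -1, unsupported = 0;
    memset(&req, 0, sizeof req);                    /* the kernel insists on zeroed input */
    if (ioctl(lfd, SECCOMP_IOCTL_NOTIF_RECV, &req) < 0) return 1;
    struct seccomp_notif_resp resp = { .id = req.id, .error = -EACCES };   /* default: deny */
    /* Copy the path out of the tracee once and decide on the copy: a re-read could see another thread's swap. */
    snprintf(memp, sizeof memp, "/proc/%d/mem", req.pid);
    if ((mfd = open(memp, O_RDONLY)) < 0) unsupported = 1;
    else { n = pread(mfd, path, sizeof path - 1, req.data.args[1]); close(mfd); }
    /* The pid may have been recycled while we read: confirm the request is live, then open it ourselves. */
    if (n > 0 && memchr(path, '\0', n) && strcmp(path, ALLOWED_PATH) == 0 &&
        (req.data.args[2] & O_ACCMODE) == O_RDONLY &&
        ioctl(lfd, SECCOMP_IOCTL_NOTIF_ID_VALID, &req.id) == 0)
        fd = open(path, O_RDONLY);
    if (fd >= 0) {
        struct seccomp_notif_addfd add = { .id = req.id, .srcfd = fd, .newfd_flags = O_CLOEXEC };
        int tfd = ioctl(lfd, SECCOMP_IOCTL_NOTIF_ADDFD, &add);
        if (tfd >= 0) { resp.error = 0; resp.val = tfd; } else unsupported = 1;  /* openat() returns tfd */
        close(fd);
    }
    ioctl(lfd, SECCOMP_IOCTL_NOTIF_SEND, &resp);
    return unsupported;
}

/* Fork a child that tries an allowed and a denied openat(). 0 = both decisions held, 1 = cannot run here, 2 = failed. */
int run_demo(void)
{
    int sv[2], lfd, status, unsupported = 0;
    pid_t pid = socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 ? -1 : fork();
    if (pid < 0) return 1;
    if (pid == 0) {                                 /* sandboxed child */
        if ((lfd = install_filter()) < 0 || xfer_fd(sv[1], lfd, 1) < 0) _exit(1);
        int ok = syscall(__NR_openat, AT_FDCWD, ALLOWED_PATH, O_RDONLY);   /* raw: no libc detour */
        int bad = syscall(__NR_openat, AT_FDCWD, "/etc/passwd", O_RDONLY);
        _exit(ok >= 0 && bad < 0 && errno == EACCES ? 0 : 2);
    }
    close(sv[1]); lfd = xfer_fd(sv[0], -1, 0); close(sv[0]);
    if (lfd >= 0)                                   /* the child makes exactly two openat() calls */
        for (int i = 0; i < 2; i++) unsupported |= supervise_one(lfd);
    waitpid(pid, &status, 0);
    if (lfd < 0 || unsupported) return 1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 2;
}
int main(void) { return run_demo(); }               /* 0 = ok, 1 = unsupported here, 2 = failed */
```

Compile with cc -o demo demo.c and run it: exit status 0 means the child's allowed openat() came back with a descriptor the supervisor opened and its disallowed one failed with EACCES; 1 means the kernel or sandbox cannot run the demo (no user notification, no ADDFD, or no access to /proc/pid/mem). Two things are deliberately minimal and would need tightening in a real supervisor: the BPF filter does not check seccomp_data.arch, and the allowlist is a plain string comparison on the path the tracee passed, so a real supervisor should resolve the path on its own terms (for example with O_NOFOLLOW or openat2() resolve flags) rather than trust the tracee's string beyond the comparison.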

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds