From panda23 at hush.ai Tue Dec 13 21:21:11 2011
From: panda23 at hush.ai (panda23 at hush.ai)
Date: Tue, 13 Dec 2011 21:21:11 +0000
Subject: seccomp and utrace
Message-ID: <20111213212111.45AA76F443@smtp.hushmail.com>

I'm planning to use seccomp to make a sandbox for untrusted code. Does the
seccomp framework play nicely with a utrace-based syscall filter like the
proof-of-concept seccomp replacement Roland McGrath published at the
following URL?

http://www.redhat.com/archives/utrace-devel/2009-March/msg00159.html

I'm considering an arrangement like this because some vulnerabilities which
affect seccomp have turned up
(http://www.redhat.com/archives/utrace-devel/2009-March/msg00159.html).
Most of them revolve around poorly treated syscalls, so an independent
layer of syscall filtering seems prudent.

(This is in addition to a restrictive Linux container and AppArmor profile.
Suggestions for further precautions are welcome.)

Sincerely,
Jason Rong