seccomp-nurse
This project is now archived. It was a fun project but it does not compile/run anymore and there are far better mechanisms that have been implemented now: firejail, crosvm, gvisor, etc.
seccomp-nurse is a sandboxing framework based on SECCOMP.
$ git clone git://github.com/nbareil/seccomp-nurse.git
$ cd seccomp-nurse/
$ make
$ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt
Easy, isn’t it?
- dlopen(): not supported yet
- clone() (so fork() and threads) will never be supported
- socket(): work in progress!
- exec*() will never be supported
At the moment, there is no security check implemented. The sandbox is wide open! It will be the next step.
- Blog post about "SECCOMP as a sandboxing solution?"
- Blog post about "How system calls work on Linux?"
- Chrome browser:
seccomp-nurse is free software available under the GNU Public Licence 2! Sources are available on GitHub: http://github.com/nbareil/seccomp-nurse/
This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.