Skip to content
This repository has been archived by the owner on May 14, 2018. It is now read-only.

nbareil/seccomp-nurse

Repository files navigation

seccomp-nurse

This project is now archived. It was a fun project but it does not compile/run anymore and there are far better mechanisms that have been implemented now: firejail, crosvm, gvisor, etc.

About

seccomp-nurse is a sandboxing framework based on SECCOMP.

How to use it?

 $ git clone git://github.com/nbareil/seccomp-nurse.git
 $ cd seccomp-nurse/
 $ make
 $ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt

Easy, isn’t it?

Current limitations

  • dlopen() not supported yet
  • clone() (so fork() and threads) will never be supported
  • socket(): work in progress!
  • exec*() will never be supported

At the moment, there is no security check implemented. The sandbox is wide open! It will be the next step.

References

Availability

seccomp-nurse is a free software available under the GNU Public Licence 2! Sources are availables on github: http://github.com/nbareil/seccomp-nurse/

Acknowledgment

This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.

About

Sandboxing framework based on SECCOMP

Resources

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages