Modern Linux operating systems provide many tools to run code more securely. There are namespaces (the basic building blocks for containers), Linux Security Modules, Integrity Measurement Architecture etc. In this post we will review Linux seccomp and learn how to sandbox any (even a proprietary) application without writing a single line of code.

System calls (syscalls) are a well-defined interface between userspace applications and the operating system (OS) kernel. On modern operating systems most applications provide only application-specific logic as code. Applications do not, and most of the time cannot, directly access low-level hardware or networking when they need to store data or send something over the wire. Instead they use system calls to ask the OS kernel to do specific hardware and networking tasks on their behalf.

Apart from providing a generic high-level way for applications to interact with the low-level hardware, the system call architecture allows the OS kernel to manage available resources between applications as well as enforce policies, like application permissions, networking access control lists etc.

Linux seccomp is yet another syscall on Linux, but it is a bit special, because it influences how the OS kernel will behave when the application uses other system calls. By default, the OS kernel has almost no insight into userspace application logic, so it provides all the possible services it can. But not all applications require all services. Consider an application which converts image formats: it needs the ability to read and write data from disk, but in its simplest form probably does not need any network access. Using seccomp an application can declare its intentions in advance to the Linux kernel. For this particular case it can notify the kernel that it will be using the read and write system calls, but never the send and recv system calls (because its intent is to work with local files and never with the network).
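The "local files only" declaration described above, written as a seccomp-BPF filter in C. This is an added example, not code from the original post: it assumes an x86_64 or aarch64 Linux host, and it returns EPERM from the network syscalls (rather than killing the process) so the effect can be observed in-process; a production filter would normally allow-list only the syscalls the program needs.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only covers x86_64 and aarch64"
#endif

/* Deny socket/sendto/recvfrom/sendmsg/recvmsg with EPERM, allow the rest
 * (read/write/exit... keep working). The arch check comes first so syscall
 * numbers of a foreign ABI are never matched against this table. */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket,   4, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendto,   3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_recvfrom, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmsg,  1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_recvmsg,  0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter for this process (inherited by children). Returns 0 on success. */
int install_network_deny(void) {
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };
    /* NO_NEW_PRIVS is mandatory for unprivileged processes loading a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Probe: 1 if socket() is now refused with EPERM, 0 if it still succeeds. */
int network_is_blocked(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EPERM;
}

int main(void) {
    if (install_network_deny() != 0) { perror("seccomp"); return 1; }
    printf("write() still works; socket() blocked: %s\n", network_is_blocked() ? "yes" : "no");
    return 0;
}
```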