How to add seccomp rules to a secific process?

Question

I'm designing a judge system, which starts a new process and then limit the cpu time and memory usage of the new process.

To ensure safety, some system calls can not be allowed with the new process, like fork, clone and so on.

I tried to use libseccomp to limit system calls, however, I don't know how to set a rule for the specific process. If I set the rule in the judge process, after loading the rule, the judge process is also limited to call these system calls, then I can not fork and execv the new process.

virusdefender · Accepted Answer · 2016-01-23T05:05:40.790

0

Now I got the answer, seccomp can also add parameter limit, such as the first parameter of execve must be specific path.

Whole code is in github

https://github.com/QingdaoU/Judger

edited Jan 23 '16 at 05:05

answered Jan 18 '16 at 10:45

virusdefender

505
5
15

How to add seccomp rules to a secific process?

1 Answers1