I am trying to use Amazon Lambda to host a programming learning platform, where I have to execute simple untrusted Python code.
My latest attempt at isolating the user’s code in a simple way is to use seccomp to disable anything but reading from files, and writing to stdout/stderr, with code that looks like this:
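import os
import sys

from pyseccomp import *

# Default action: kill the process on any syscall that is not explicitly allowed.
f = SyscallFilter(defaction=KILL)
# MASKED_EQ takes the mask first and the expected value second:
# allow open/openat only when (flags & access-mode bits) == O_RDONLY.
f.add_rule(ALLOW, "open",
           Arg(1, MASKED_EQ,
               os.O_RDONLY | os.O_RDWR | os.O_WRONLY,
               os.O_RDONLY))
f.add_rule(ALLOW, "openat",
           Arg(2, MASKED_EQ,
               os.O_RDONLY | os.O_RDWR | os.O_WRONLY,
               os.O_RDONLY))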
f.add_rule(ALLOW, "read")
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
f.add_rule(ALLOW, "close")
f.add_rule(ALLOW, "getdents64")
f.add_rule(ALLOW, "exit_group")
f.add_rule(ALLOW, "rt_sigaction")
f.add_rule(ALLOW, "sigaltstack")
f.add_rule(ALLOW, "brk")
f.add_rule(ALLOW, "lseek")
f.add_rule(ALLOW, "fstat")
f.add_rule(ALLOW, "mmap")
f.add_rule(ALLOW, "mprotect")
f.add_rule(ALLOW, "stat")
f.add_rule(ALLOW, "ioctl", Arg(1, EQ, 0x5401)) # TCGETS
f.add_rule(ALLOW, "fcntl")
f.load()
This works nicely locally, but on Amazon Lambda, it didn’t find the seccomp library.
I tried to include libseccomp.2 from my Debian stable machine in the Amazon Lambda function, and the code progresses until f.load(), but then fails with
Traceback (most recent call last):
File "sandbox.py", line 32, in <module>
f.load()
File "/var/task/pyseccomp.py", line 335, in load
_check_status(_libseccomp.seccomp_load(self._filter))
File "/var/task/pyseccomp.py", line 183, in _check_status
raise _build_oserror(-res)
PermissionError: [Errno 1] Operation not permitted
Does seccomp_load returning EPERM mean that I simply can’t use seccomp on Amazon Lambda, or am I doing something else wrong?
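A check that can be run both locally and inside the Lambda function before f.load(): it reports whether the process is already under a seccomp filter, whether no_new_privs is set, and whether CAP_SYS_ADMIN is held, which are the kernel-side facts that differ between environments. This is an added example, not part of the original post; parse_status, current_process_report and the sample status text are constructed for illustration.

```python
# Added diagnostic (not from the original post): read the seccomp-related
# fields the Linux kernel exposes in /proc/<pid>/status.
import os

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
CAP_SYS_ADMIN = 21  # bit index of CAP_SYS_ADMIN in the capability masks


def parse_status(text):
    """Extract seccomp-relevant fields from the text of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    report = {}
    if "Seccomp" in fields:
        mode = int(fields["Seccomp"])
        report["seccomp_mode"] = SECCOMP_MODES.get(mode, f"unknown({mode})")
    if "Seccomp_filters" in fields:  # only reported by newer kernels
        report["filters_installed"] = int(fields["Seccomp_filters"])
    if "NoNewPrivs" in fields:
        report["no_new_privs"] = fields["NoNewPrivs"] == "1"
    if "CapEff" in fields:  # effective capabilities, hexadecimal bit mask
        cap_eff = int(fields["CapEff"], 16)
        report["cap_sys_admin"] = bool((cap_eff >> CAP_SYS_ADMIN) & 1)
    return report


# Constructed sample input, not captured from a real Lambda environment.
SAMPLE_STATUS = """\
Name:\tpython3
NoNewPrivs:\t1
Seccomp:\t2
Seccomp_filters:\t1
CapEff:\t0000000000000000
"""


def current_process_report(path="/proc/self/status"):
    """Return the report for this process, or None if procfs is unavailable."""
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return parse_status(fh.read())


if __name__ == "__main__":
    print("sample :", parse_status(SAMPLE_STATUS))
    print("current:", current_process_report())
```

A seccomp_mode of "filter" before the sandbox code has loaded anything means the hosting environment has already installed its own filter on the process.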