Questions tagged [seccomp]

'SecComp' is an abbreviation for Secure Computing Mode, a facility built into modern Linux kernels that can be used to constrain which system calls a program is allowed to make. The restriction is irreversible for the rest of that process's life and is inherited by any children it forks or execs.

In older kernels, the facility was reachable only via the prctl() system call (PR_SET_SECCOMP); since kernel 3.17 there is a dedicated seccomp() system call, which should be used in preference because it accepts flags that prctl() cannot pass (for example SECCOMP_FILTER_FLAG_TSYNC, which applies the filter to every thread of the process).
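As an added example (not part of the tag wiki or of any question on this page), the C program below builds a seccomp-bpf filter, dry-runs it against synthetic seccomp_data in a tiny user-space interpreter so the policy can be checked before it is made irreversible, and then installs it through seccomp(2), falling back to prctl(PR_SET_SECCOMP) when the kernel answers ENOSYS. The policy (kill the process on ptrace, return EPERM from execve, allow everything else), the SECCOMP_AUDIT_ARCH mapping for x86-64 and aarch64, and the helper names deny_filter, simulate, decision_for and install_deny_filter are assumptions made for this example; it assumes Linux kernel headers from 3.17 or later, with a guard for the SECCOMP_RET_KILL_PROCESS constant that headers before 4.14 lack.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS            /* absent from headers before 4.14 */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* Check the audit arch before trusting nr: a 32-bit process on an x86-64
 * kernel uses a different syscall numbering. (Assumed mapping for the example.) */
#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Example policy (an assumption, not a recommendation): kill the process on
 * ptrace(2), fail execve(2) with EPERM, allow everything else. */
static struct sock_filter deny_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define DENY_FILTER_LEN (sizeof deny_filter / sizeof deny_filter[0])

/* Minimal cBPF interpreter for the three instruction forms used above, so a
 * policy can be checked in user space before it is made irreversible. */
static uint32_t simulate(const struct sock_filter *prog, size_t len,
                         const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:           /* acc = 32-bit word at sd+k */
            if (in->k + sizeof acc > sizeof *sd)
                return SECCOMP_RET_KILL_PROCESS; /* out-of-bounds load */
            memcpy(&acc, (const char *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:          /* jt/jf count from pc+1 */
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;     /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end; the kernel rejects such programs */
}

/* Decision the filter would return for one (audit arch, syscall number) pair. */
static uint32_t decision_for(uint32_t arch, int nr)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    return simulate(deny_filter, DENY_FILTER_LEN, &sd);
}

/* NO_NEW_PRIVS first: without it (or CAP_SYS_ADMIN) the kernel refuses the
 * filter. Prefer seccomp(2); ENOSYS means a kernel before 3.17, where only
 * prctl(PR_SET_SECCOMP) exists. Irreversible, and inherited by children. */
static int install_deny_filter(void)
{
    struct sock_fprog fprog = { .len = DENY_FILTER_LEN, .filter = deny_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
#if defined(__NR_seccomp) && defined(SECCOMP_SET_MODE_FILTER)
    if (syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, &fprog) == 0)
        return 0;
    if (errno != ENOSYS)
        return -1;
#endif
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    if (install_deny_filter() != 0) { perror("install_deny_filter"); return 1; }
    /* PR_GET_SECCOMP reports 2 once a filter is active (the Seccomp: line in
     * /proc/self/status shows the same value). */
    printf("seccomp mode: %d\n", prctl(PR_GET_SECCOMP, 0, 0, 0, 0));
    char *const argv[] = { "/bin/true", NULL };
    execv("/bin/true", argv);              /* now fails with errno == EPERM */
    printf("execve refused: %s\n", strerror(errno));
    return 0;
}
```

Build with `cc -o seccomp_demo seccomp_demo.c` and run it; the process prints mode 2 and then the refused execve. Default-allow with a short deny list is the easiest shape to read, which is why the example uses it; a sandbox meant to hold up against hostile code should default to a kill or errno action and allow-list the syscalls it needs, and the dry-run via decision_for is the place to check that list before the first real install.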

101 questions
0 votes • 0 answers

Decoding seccomp profile failed in Docker Engine SDK

I was trying to run a container with a seccomp profile using the Docker SDK, and this error showed up: "Decoding seccomp profile failed: invalid character 'd' looking for beginning of value". Below is the code: import docker client =…
Long • 1,482 • 21 • 33
0 votes • 1 answer

How can I dump the seccomp filters installed while running the application?

Say I have a process with seccomp filters installed. At runtime, I would like to see all the seccomp filters installed within this process. How can I achieve that? Reading through the seccomp man page does not seem to find the answers.
drdot • 3,215 • 9 • 46 • 81
0 votes • 1 answer

How can I hook with seccomp?

I'm looking for a way to perform hooking with seccomp or seccomp-bpf. I want to set a rule so that when a syscall is performed (e.g. read) I can change the process or the answer that comes back from the syscall. And I must use seccomp. Thanks
Avi Feder • 1 • 1
0 votes • 0 answers

seccomp sk_run_filter calls with Docker degrading performance

I have a PHP application running in Docker on two environments with the same Docker version, Docker container, OS (CentOS 7) and kernel. On one, I've discovered performance is about 5x worse. Using perf, the system call sk_run_filter appears to be…
0 votes • 0 answers

Is there a way of not inheriting seccomp filters to child processes?

So let's suppose I have a simple program like this: #include #include #include #include int main(void) { scmp_filter_ctx ctx; int ret = 0; ctx = seccomp_init(SCMP_ACT_ALLOW); ret |=…
milck • 592 • 3 • 12
0 votes • 1 answer

BPF: How to set the jump value as the value stored in the accumulator?

I am working with seccomp BPF and need to set the jump values (jt/jf/k) of a jump statement (conditional jump/jump always) as the value stored in the accumulator. Is this possible? I have a hunch that it is not, because the BPF verifier cannot check…
0 votes • 1 answer

How can you security-harden a Python program?

What is the best way to restrict/sandbox a Python program? How can I restrict a Python program to only be able to access one website and print to stdout? I am using pyseccomp to restrict the list of syscalls the program can make, but am finding very…
Zaz • 46,476 • 14 • 84 • 101
0 votes • 1 answer

How to identify processes using seccomp with the proc filesystem in Python?

I have to write a Python3 program which counts every process on a virtual machine that's using seccomp. It should use the proc filesystem to identify these processes but I don't know how to do it. In general I would go through every folder in this…
bfg • 13 • 5
0 votes • 0 answers

Can I use Google Container Optimised OS as a secure container sandbox?

I have a VM running Google's Container Optimised OS, and I want to allow running code that users provide - each user has their own container. This code can be malicious - I want to limit the scope of the code to just its own…
zino • 1,222 • 2 • 17 • 47
0 votes • 1 answer

How to write a seccomp BPF program to filter the system call instruction pointer

Is it possible to write a seccomp-BPF program to filter on the system call instruction pointer? For example, to kill the process where there is a system call instruction executed not from the libc.
xiaogw • 653 • 8 • 18
0 votes • 1 answer

Is there any difference between using SYS_syscallname and __NR_syscallname in seccomp?

What is the difference between using SYS_syscallname and __NR_syscallname in a seccomp filter? Which one should I use?
Maicake • 1,046 • 10 • 34
0 votes • 1 answer

Load seccomp_export_bpf-generated code into the kernel

http://man7.org/linux/man-pages/man3/seccomp_export_bpf.3.html How can I load the generated code into the kernel? What are possible use cases for this function?
Maicake • 1,046 • 10 • 34
0 votes • 1 answer

How to use seccomp_release in libseccomp?

Should I release the filter also after seccomp_load() is called? Or only if some of the calls to seccomp_rule_add() fail? For example, OPTION 1: r = seccomp_rule_add(...) if r < 0 seccomp_release(...) r = seccomp_rule_add(...) if r < 0…
Maicake • 1,046 • 10 • 34
0 votes • 1 answer

In libseccomp, what is scmp_filter_ctx? And what is it used for?

What does scmp_filter_ctx actually store, since it's defined as void? See the seccomp header file. In general, what is a context?
Maicake • 1,046 • 10 • 34
0 votes • 0 answers

Why is the no_new_privs bit required with seccomp? Example of a theoretical exploit

I've seen that before using seccomp filter mode you have to set this bit, because it guarantees that a child process can't be executed with greater privileges compared to the parent's. But still I can't figure out an exploitation example. Could…
Maicake • 1,046 • 10 • 34