Implementing libseccomp in PRoot #163

oxr463 · 2021-02-05T20:54:27Z

Project Title: Implementing libseccomp in PRoot

Description:

PRoot contains it's own seccomp code for handling security permissions for running binaries. Instead of maintaining the legacy seccomp code, we would like to see libseccomp implemented. Below is a brief excerpt of the benefits this solution would provide:

We (libseccomp) will take care of cBPF creation, ABI issues,
and any syscall changes when a new kernel is released. Maintaining a custom
filter throughout all of that can be challenging.

This would also help with portability since libseccomp supports several different architectures.

Deliverable:

The current test suite should pass on recent Linux kernels with no failures, on all of the arches that PRoot supports.

Mentor: @oxr463

Skills: c, Linux, ptrace, syscalls, seccomp

Skill Level: Hard

Get started: See: proot-me/proot#106, proot-me/proot#195

oxr463 mentioned this issue Feb 5, 2021

Implementing libseccomp proot-me/gsoc#2

Closed

ddemaio added the PRoot label Feb 8, 2021

ddemaio added PRoot and removed PRoot labels Feb 9, 2022

ddemaio added the Medium Sized Project Medium sized project is 175 hours label Feb 25, 2022

ddemaio removed the PRoot label Apr 25, 2022

ddemaio closed this as completed Jan 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implementing libseccomp in PRoot #163

Implementing libseccomp in PRoot #163

oxr463 commented Feb 5, 2021 •

edited

Loading

Implementing libseccomp in PRoot #163

Implementing libseccomp in PRoot #163

Comments

oxr463 commented Feb 5, 2021 • edited Loading

oxr463 commented Feb 5, 2021 •

edited

Loading