You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PRoot contains it's own seccomp code for handling security permissions for running binaries. Instead of maintaining the legacy seccomp code, we would like to see libseccomp implemented. Below is a brief excerpt of the benefits this solution would provide:
We (libseccomp) will take care of cBPF creation, ABI issues,
and any syscall changes when a new kernel is released. Maintaining a custom
filter throughout all of that can be challenging.
Project Title: Implementing libseccomp in PRoot
Description:
PRoot contains it's own seccomp code for handling security permissions for running binaries. Instead of maintaining the legacy seccomp code, we would like to see libseccomp implemented. Below is a brief excerpt of the benefits this solution would provide:
This would also help with portability since libseccomp supports several different architectures.
Deliverable:
The current test suite should pass on recent Linux kernels with no failures, on all of the arches that PRoot supports.
Mentor: @oxr463
Skills: c, Linux, ptrace, syscalls, seccomp
Skill Level: Hard
Get started: See: proot-me/proot#106, proot-me/proot#195
The text was updated successfully, but these errors were encountered: