seccomp
seccomp (short for secure computing) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
seccomp mode is enabled via the prctl(2) system call using the PR_SET_SECCOMP argument, or (since Linux kernel 3.17) via the seccomp(2) system call. seccomp mode used to be enabled by writing to a file, /proc/self/seccomp, but this method was removed in favor of prctl(). In some kernel versions, seccomp disables the RDTSC x86 instruction, which returns the number of elapsed processor cycles since power-on, used for high-precision timing.
seccomp-bpf is an extension to seccomp that allows filtering of system calls using a configurable policy implemented with Berkeley Packet Filter rules. It is used by OpenSSH and vsftpd as well as the Google Chrome/Chromium web browsers on ChromeOS and Linux. (In this regard seccomp-bpf provides functionality similar to that of the older systrace, which appears to be no longer supported for Linux, but with more flexibility and higher performance.)
Some consider seccomp comparable to OpenBSD pledge(2) and FreeBSD capsicum(4).
History
seccomp was first devised by Andrea Arcangeli in January 2005 for use in public grid computing and was originally intended as a means of safely running untrusted compute-bound programs. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.
Software using seccomp or seccomp-bpf
- Android uses a seccomp-bpf filter in the zygote since Android 8.0 Oreo.
- systemd's sandboxing options are based on seccomp.
- QEMU, the Quick Emulator, a core component of modern virtualization together with KVM, uses seccomp via the --sandbox parameter.
- Docker, software that allows applications to run inside of isolated containers. Docker can associate a seccomp profile with the container using the --security-opt parameter.
- Arcangeli's CPUShare was the only known user of seccomp for a while. Writing in February 2009, Linus Torvalds expressed doubt whether seccomp was actually used by anyone. However, a Google engineer replied that Google was exploring using seccomp for sandboxing its Chrome web browser.
- Firejail is an open source Linux sandbox program that utilizes Linux namespaces, seccomp, and other kernel-level security features to sandbox Linux and Wine applications.
- As of Chrome version 20, seccomp-bpf is used to sandbox Adobe Flash Player.
- As of Chrome version 23, seccomp-bpf is used to sandbox the renderers.
- Snaps specify the shape of their application sandbox using "interfaces", which snapd translates to seccomp, AppArmor and other security constructs.
- vsftpd uses seccomp-bpf sandboxing as of version 3.0.0.
- OpenSSH has supported seccomp-bpf since version 6.0.
- Mbox uses ptrace along with seccomp-bpf to create a secure sandbox with less overhead than ptrace alone.
- LXD, an Ubuntu "hypervisor" for containers.
- Firefox and Firefox OS, which use seccomp-bpf.
- Tor supports seccomp since 0.2.5.1-alpha.
- Lepton, a JPEG compression tool developed by Dropbox, uses seccomp.
- Kafel is a configuration language that converts readable policies into seccomp-bpf bytecode.
- Subgraph OS uses seccomp-bpf.
- Flatpak uses seccomp for process isolation.
- Bubblewrap is a lightweight sandbox application developed from Flatpak.
- minijail uses seccomp for process isolation.
- SydBox uses seccomp-bpf to improve the runtime and security of the ptrace sandboxing used to sandbox package builds on the Exherbo Linux distribution.
- file, a Unix program to determine file types, uses seccomp to restrict its runtime environment.
- Zathura, a minimalistic document viewer, uses seccomp filters to implement different sandbox modes.
- Tracker, an indexing and preview application for the GNOME desktop environment, uses seccomp to prevent automatic exploitation of parsing vulnerabilities in media files.
External links
- Official website (Archived)
- Google's Chromium sandbox, LWN.net, August 2009, by Jake Edge
- seccomp-nurse, a sandboxing framework based on seccomp
- Documentation/prctl/seccomp_filter.txt, part of the Linux kernel documentation
- Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs