On Tue, Sep 3, 2013 at 6:41 PM, niXman <i.nix...@gmail.com> wrote:
> Thank you for your answers!
>
> It would seem that such technology as SECCOMP is very necessary in the
> kernel but the current implementation does not allow to implement a complete
> filtering / logging / limitation of many system calls ...
>
>> But should not be used as a security measure because it is easy to
>> circumvent
> Yes, exactly for that I wanted to use libseccomp. It is unfortunate that the
> current implementation is so limited :(
> Tell me please, what can you recommend to me?

A good chunk of syscalls can be delegated to a trusted process:
- Capture the syscall using trap.
- Send a message to a trusted process using a socket.
- Get the fd back (or not) in case of an open()
- Emulate the syscall.

_______________________________________________
libseccomp-discuss mailing list
libseccomp-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss