Re: seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-12-01 Thread Colin Watson
On Fri, Dec 01, 2017 at 12:05:20PM +0100, Andrew Shadura wrote: > How about https://notabug.org/rain1/linux-seccomp-pledge/? Promising enough idea, but it looks like the author gave up on it and never finished the job. This sort of thing is only really helpful if it's maintained by somebody who's

Re: seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-12-01 Thread Colin Watson
On Thu, Nov 30, 2017 at 07:18:43PM -0800, Seth Arnold wrote: > On Fri, Dec 01, 2017 at 01:29:44AM +, Colin Watson wrote: > > but should be much easier to maintain, and would probably also make it > > easier to switch to a syscall-set-confining library if such a thing > > exists in the future. >

Re: seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-11-30 Thread Seth Arnold
On Fri, Dec 01, 2017 at 01:29:44AM +, Colin Watson wrote: > but should be much easier to maintain, and would probably also make it > easier to switch to a syscall-set-confining library if such a thing > exists in the future. Would a version of OpenBSD's pledge() system call have looked appeali

Re: seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-11-30 Thread Colin Watson
On Fri, Dec 01, 2017 at 12:35:06AM +, Colin Watson wrote: > (Hmm, though maybe a reasonable stopgap would be to copy the relevant > syscall lists from systemd's code. That would leave me updating things > manually from time to time, which isn't great, but it would probably > still be better th

Re: seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-11-30 Thread Colin Watson
On Wed, Nov 29, 2017 at 05:36:30PM -0800, Russ Allbery wrote: > Vincas Dargis writes: > > Since mentioned, I would like that these daemons would implement seccomp > > filtering themselves, meaning like within application itself, using > > libseccomp. They can fine-grain what thread what syscalls c

seccomp jailing for applications (was: recommends for apparmor in newest linux-image-4.13)

2017-11-29 Thread Russ Allbery
Vincas Dargis writes: > Since mentioned, I would like that these daemons would implement seccomp > filtering themselves, meaning like within application itself, using > libseccomp. They can fine-grain what thread what syscalls can make. Yes, this is potentially even better. But there are cases