Texonom
Texonom/
Engineering
Engineering/Hardware Engineering/Computer/Operating System/UNIX/Unix-like/Linux/Linux Strcutre/Linux Kernel/Linux system call/Process System call/
seccomp()
Loading views...
Search

seccomp()

Creator
Creator
Seonglae ChoSeonglae Cho
Created
Created
2024 May 10 4:17
Editor
Editor
Seonglae ChoSeonglae Cho
Edited
Edited
2024 May 19 3:4
Refs
Refs

SECure COMPuting with filters

seccomp allows developers to write complex rules to allow/disallow certain system calls or filter system calls based on argument variables. seccomp rules are inherited by children process.
https://chromium.googlesource.com/chromium/chromium/+/refs/heads/main/sandbox/linux
It can reduce
TCB and prevents
Dot-Dot Attack. seccomp uses the kernel functionality
eBPF.
 
 
libseccomp-dev
 
 
 

Backlinks

Software Sandboxing

Recommendations

Texonom
Texonom/
Engineering
Engineering/Hardware Engineering/Computer/Operating System/UNIX/Unix-like/Linux/Linux Strcutre/Linux Kernel/Linux system call/Process System call/
seccomp()