Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Seccomp #895

Open
Tracked by #843
n0toose opened this issue Feb 5, 2025 · 0 comments
Open
Tracked by #843

Implement Seccomp #895

n0toose opened this issue Feb 5, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@n0toose
Copy link
Member

n0toose commented Feb 5, 2025
edited
Loading

  • The system calls used by Uhyve can be collected using strace
  • An interesting addition would be prohibiting the open flags that can be used with open through seccomp as well, see:

    uhyve/src/hypercall.rs

    Line 103 in 5d61fb9

    let mut flags = sysopen.flags & ALLOWED_OPEN_FLAGS;
@n0toose n0toose mentioned this issue Feb 5, 2025
Open
4 tasks
@n0toose n0toose changed the title seccomp: https://gitlab.com/virtio-fs/virtiofsd/-/blob/main/src/seccomp.rs Use Seccomp in Uhyve Feb 5, 2025
@n0toose n0toose added the enhancement New feature or request label Feb 5, 2025
@n0toose n0toose changed the title Use Seccomp in Uhyve Implement Seccomp Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@n0toose