[pypy-issue] [issue1003] Sandbox code uses no-longer-working seccom
Da_Blitz
tracker at bugs.pypy.org
Thu Jan 19 12:32:02 CET 2012
Da_Blitz <pypy at pocketnix.org> added the comment:
There are upcoming changes to seccomp that may make it work with pypy. Currently,
a seccomp-enabled version of pypy will not work due to calls to mmap and sbrk
failing (as these are not on the list of allowed syscalls); however, with the new
extensions it will be possible to dynamically filter allowed syscalls with a
'syscall firewall' (links below).

I had plans to work on this once the feature hit the mainline kernel but don't
mind working with someone if they are interested. It should be as simple as moving
to the prctl interface, writing a new policy and loading it via prctl, and then
some testing to ensure we got all the syscalls in the policy.
https://lwn.net/Articles/475043/
http://lwn.net/SubscriberLink/475678/655d35a19825fd7d/ (subscriber link as
content is not 'public' until next week)
https://lwn.net/Articles/475019/
----------
nosy: +dablitz
________________________________________
PyPy bug tracker <tracker at bugs.pypy.org>
<https://bugs.pypy.org/issue1003>
________________________________________