Security/Sandbox/Seccomp: Difference between revisions

Line 9: Line 9:
These filter allow for a more configurable list of system calls that are allowed or denied within the sandbox. Seccomp-bpf is available since Linux version 3.5 and is useable on ARM architecture since Linux version 3.10. Several backports are available for earlier kernel versions.
These filter allow for a more configurable list of system calls that are allowed or denied within the sandbox. Seccomp-bpf is available since Linux version 3.5 and is useable on ARM architecture since Linux version 3.10. Several backports are available for earlier kernel versions.


We have backports for 3.0.x kernels, 3.4 kernels, and 2.6.29 kernels (see bug 790923 and it's children). No backport is necessary for kernels 3.10 and above.
We have backports for 3.0.x kernels, 3.4 kernels, and 2.6.29 kernels (see bug [https://bugzilla.mozilla.org/show_bug.cgi?id=790923 790923] and it's children). No backport is necessary for kernels 3.10 and above.
''CONFIG_SECCOMP=y'' and ''CONFIG_SECCOMP_FILTER=y'' are needed in the kernel's config at compile time.
These configuration options are required to be present in the kernel's config at compile time:
 
  CONFIG_SECCOMP=y
  CONFIG_SECCOMP_FILTER=y


=== How do I call seccomp-bpf ? ===
=== How do I call seccomp-bpf ? ===
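Review bot: The rewritten backport sentence still reads "it's children", which should be "its children", and the unchanged context line above it has "These filter allow" where "These filters allow" is meant. The closing "No backport is necessary for kernels 3.10 and above" would be clearer if it said that 3.10 is the ARM threshold, since the preceding paragraph gives 3.5 as the first version with seccomp-bpf. The new sentence introducing the two CONFIG options could also be tightened to "These options must be set in the kernel's config at compile time:".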