[pypy-issue] [issue1003] Sandbox code uses no-longer-working seccom

Paul Crowley tracker at bugs.pypy.org
Wed Jan 18 15:57:42 CET 2012


New submission from Paul Crowley <paul at lshift.net>:

If the os_level_sandboxing flag in pypy.translator.sandbox.sandlib.SandboxedProc 
is set to True, the sandbox tries to turn on "seccomp" for the sandboxed child 
process.  However, it attempts to do so by writing to "/proc/<pid>/seccomp", 
which has been removed from modern kernels.  Instead the child process must call 
prctl on itself to harden the sandbox at the OS level. 
http://en.wikipedia.org/wiki/Seccomp

----------
messages: 3714
nosy: ciphergoth, pypy-issue
priority: feature
status: unread
title: Sandbox code uses no-longer-working seccom

________________________________________
PyPy bug tracker <tracker at bugs.pypy.org>
<https://bugs.pypy.org/issue1003>
________________________________________
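
An added example, not PyPy code and not part of the original report: the self-applied prctl call the report describes, with a forked child that puts itself into seccomp strict mode and then probes a forbidden syscall. The names run_strict_child and sandbox_result are hypothetical, and the "unsupported" outcome covers kernels or outer sandboxes that refuse strict mode.

```c
/* Added example (not PyPy code): a forked child enables seccomp strict mode on itself. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1   /* value from <linux/seccomp.h> */
#endif

enum sandbox_result { SB_KILLED, SB_UNSUPPORTED, SB_ESCAPED, SB_ERROR };

/* Hypothetical helper: fork, harden the child, then probe a forbidden syscall. */
enum sandbox_result run_strict_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return SB_ERROR;

    if (pid == 0) {
        /* Child: the process opts in itself; nothing is written to /proc. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);                    /* kernel or outer sandbox refused */
        /* Only read, write, _exit and sigreturn are permitted from here on. */
        syscall(SYS_getpid);             /* forbidden: kernel sends SIGKILL */
        syscall(SYS_exit, 3);            /* reached only if not enforced */
    }

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return SB_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SB_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return SB_UNSUPPORTED;
    return SB_ESCAPED;
}

int main(void)
{
    static const char *names[] = { "killed", "unsupported", "escaped", "error" };
    printf("child after forbidden syscall: %s\n", names[run_strict_child()]);
    return 0;
}
```

A parent that relies on this hardening should treat anything other than "killed" as the sandbox not being enforced at the OS level.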