Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 History 2 Software using seccomp or seccomp-bpf 3 References 4 External links

seccomp

●Español ●Français ●한국어 ●日本語 ●Русский ●Suomi Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article needs to be updated. Please help update this article to reflect recent events or newly available information. (May 2012)

seccomp
Original author(s)	Andrea Arcangeli
Initial release	March 8, 2005; 19 years ago (2005-03-08)
Written in	C
Operating system	Linux
Type	Sandboxing
License	GNU General Public License
Website	code.google.com/archive/p/seccompsandbox/wikis/overview.wiki

seccomp (short for secure computing^[1]) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILLorSIGSYS.^[2]^[3] In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

seccomp mode is enabled via the prctl(2) system call using the PR_SET_SECCOMP argument, or (since Linux kernel 3.17^[4]) via the seccomp(2) system call.^[5] seccomp mode used to be enabled by writing to a file, /proc/self/seccomp, but this method was removed in favor of prctl().^[6] In some kernel versions, seccomp disables the RDTSC x86 instruction, which returns the number of elapsed processor cycles since power-on, used for high-precision timing.^[7]

seccomp-bpf is an extension to seccomp^[8] that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH^[9] and vsftpd as well as the Google Chrome/Chromium web browsers on ChromeOS and Linux.^[10] (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)

Some consider seccomp comparable to OpenBSD pledge(2) and FreeBSD capsicum(4)^{[citation needed]}.

History[edit]

seccomp was first devised by Andrea Arcangeli in January 2005 for use in public grid computing and was originally intended as a means of safely running untrusted compute-bound programs. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.^[11]

Software using seccomp or seccomp-bpf[edit]

Android uses a seccomp-bpf filter in the zygote since Android 8.0 Oreo.^[12]
systemd's sandboxing options are based on seccomp.^[13]
QEMU, the Quick Emulator, the core component to the modern virtualization together with KVM uses seccomp on the parameter --sandbox^[14]
Docker – software that allows applications to run inside of isolated containers. Docker can associate a seccomp profile with the container using the --security-opt parameter.
Arcangeli's CPUShare was the only known user of seccomp for a while.^[15] Writing in February 2009, Linus Torvalds expresses doubt whether seccomp is actually used by anyone.^[16] However, a Google engineer replied that Google is exploring using seccomp for sandboxing its Chrome web browser.^[17]^[18]
Firejail is an open source Linux sandbox program that utilizes Linux namespaces, Seccomp, and other kernel-level security features to sandbox Linux and Wine applications.^[19]
As of Chrome version 20, seccomp-bpf is used to sandbox Adobe Flash Player.^[20]
As of Chrome version 23, seccomp-bpf is used to sandbox the renderers.^[21]
Snap specify the shape of their application sandbox using "interfaces" which snapd translates to seccomp, AppArmor and other security constructs^[22]
vsftpd uses seccomp-bpf sandboxing as of version 3.0.0.^[23]
OpenSSH has supported seccomp-bpf since version 6.0.^[9]
Mbox uses ptrace along with seccomp-bpf to create a secure sandbox with less overhead than ptrace alone.^[24]
LXD, a Ubuntu "hypervisor" for containers^[25]^[26]
Firefox and Firefox OS, which use seccomp-bpf^[27]^[28]
Tor supports seccomp since 0.2.5.1-alpha^[29]
Lepton, a JPEG compression tool developed by Dropbox uses seccomp^[30]
Kafel is a configuration language, which converts readable policies into seccompb-bpf bytecode^[31]
Subgraph OS uses seccomp-bpf^[32]^[33]
Flatpak uses seccomp for process isolation^[34]
Bubblewrap is a lightweight sandbox application developed from Flatpak^[35]
minijail^[36] uses seccomp for process isolation^[37]
SydBox uses seccomp-bpf^[38] to improve the runtime and security of the ptrace sandboxing used to sandbox package builds on Exherbo Linux distribution.
File, a Unix program to determine filetypes, uses seccomp to restrict its runtime environment^[39]
Zathura, a minimalistic document viewer, uses seccomp filter to implement different sandbox modes^[40]
Tracker, a indexing and preview application for the GNOME desktop environment, uses seccomp to prevent automatic exploitation of parsing vulnerabilities in media files^[41]

References[edit]

^ seccomp(2): "The seccomp() system call operates on the Secure Computing (seccomp) state" – Linux Programmer's Manual – System Calls

^ Corbet, Jonathan (2015-09-02). "A seccomp overview". lwn. Retrieved 2017-10-05.

^ "Documentation/prctl/seccomp_filter.txt". Retrieved 2017-10-05.

^ "Linux kernel 3.17, Section 11. Security". kernelnewbies.org. 2013-10-05. Retrieved 2015-03-31.

^ "seccomp: add "seccomp" syscall". kernel/git/torvalds/linux.git - Linux kernel source tree. kernel.org. 2014-06-25. Retrieved 2014-08-22.

^ Arcangeli, Andrea (2007-06-14). "[PATCH 1 of 2] move seccomp from /proc to a prctl". Retrieved 2013-08-02.

^ Tinnes, Julien (2009-05-28). "Time-stamp counter disabling oddities in the Linux kernel". cr0 blog. Retrieved 2013-08-02.

^ Corbet, Jonathan (2012-01-11). "Yet another new approach to seccomp". lwn. Retrieved 2013-08-02.

^ ^a ^b "Openssh 6.0 release notes". Retrieved 2013-10-14.

^ Tinnes, Julien (2012-11-19). "A safer playground for your Linux and Chrome OS renderers". The Chromium Blog. Retrieved 2013-08-02.

^ "[PATCH] seccomp: secure computing support". Linux kernel history. Kernel.org git repositories. 2005-03-08. Archived from the original on 2013-04-15. Retrieved 2013-08-02.

^ "Seccomp filter in Android O". Android Developers Blog.

^ "systemd.exec — Execution environment configuration". freedesktop.org. Retrieved 2017-10-14.

^ Otubo, Eduardo (2017-09-15). "QEMU Sandboxing new model pull request". qemu-devel mailing list archive.

^ van de Ven, Arjan (2009-02-28). "Re: [stable] [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.

^ Torvalds, Linus (2009-02-28). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.

^ Gutschke, Markus (2009-05-06). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Retrieved 2013-08-02.

^ Gutschke, Markus (2009-05-06). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.

^ "Firejail". Firejail. Retrieved 2016-11-26.

^ Evans, Chris (2012-07-04). "Chrome 20 on Linux and Flash sandboxing". Retrieved 2013-08-02.

^ Tinnes, Julien (2012-09-06). "Introducing Chrome's next-generation Linux sandbox". cr0 blog. Retrieved 2013-08-02.

^ "Snap security policy". Archived from the original on 2017-02-04. Retrieved 2017-02-03.

^ Evans, Chris (2012-04-09). "vsftpd-3.0.0 and seccomp filter sandboxing is here!". Retrieved 2013-08-02.

^ "MBOX". Retrieved 2014-05-20.

^ "LXD an "hypervisor" for containers (based on liblxc)". 4 November 2014. Retrieved 2014-11-08.

^ "Where We're Going With LXD". Retrieved 2014-11-08.

^ Destuynder, Guillaume (2012-09-13). "Firefox Seccomp sandbox". Mozilla Bugzilla. Retrieved 2015-01-13.

^ Destuynder, Guillaume (2012-09-13). "Firefox Seccomp sandbox". Mozilla Wiki. Retrieved 2015-01-13.

^ "Tor ChangeLog".

^ "Lepton image compression: saving 22% losslessly from images at 15MB/s". Dropbox Tech Blog. Retrieved 2016-07-15.

^ "Kafel: A language and library for specifying syscall filtering policies".

^ "Subgraph OS". Subgraph. Retrieved 2016-12-18.

^ "LoganCIJ16: Future of OS". YouTube. Archived from the original on 2021-12-21. Retrieved 2016-12-18.

^ "The flatpak security model – part 1: The basics". Retrieved 2017-01-21.

^ "bubblewrap". Retrieved 2018-04-14.

^ "Chromium OS Sandboxing - the Chromium Projects".

^ "Minijail [LWN.net]". lwn.net. Retrieved 2017-04-11.

^ "core/trace/use_seccomp". dev.exherbo.org. Retrieved 2021-05-31.

^ "File application Sandboxing". GitHub.

^ "Zathura seccomp implementation".

^ "Gnome tracker seccomp implementation".

External links[edit]

Official website (Archived)
Google's Chromium sandbox, LWN.net, August 2009, by Jake Edge
seccomp-nurse, a sandboxing framework based on seccomp
Documentation/prctl/seccomp_filter.txt, part of the Linux kernel documentation
Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs

Linux kernel

Organization

Kernel

Support

Developers
Users
- Linux User Group (LUG)

Technical

Debugging

Startup

ABIs

APIs

Kernel

System Call
Interface

POSIX
- ioctl
- select
- open
- read
- close
- sync
- …
Linux-only
- futex
- epoll
- splice
- dnotify
- inotify
- readahead
- …

In-kernel

Userspace

Daemons,
File systems

bpffs
configfs
devfs
devpts
debugfs
FUSE
hugetlbfs
pipefs
procfs
securityfs
sockfs
sysfs
tmpfs
systemd
- udev
Kmscon

Wrapper
libraries

C standard library
- glibc
- uClibc
- Bionic
  - libhybris
- dietlibc
- EGLIBC
- klibc
- musl
- Newlib
libcgroup
libdrm
libalsa
libevdev
libusb
liburing

Components

Process and I/O schedulers:
Brain Fuck Scheduler
Completely Fair Scheduler (CFS)
Earliest eligible virtual deadline first (EEVDF)
Noop scheduler
O(n) scheduler
O(1) scheduler
SCHED_DEADLINE
SCHED_FIFO
SCHED_RR

Variants

Mainline
- Linux kernel
- Linux-libre
High-performance computing
Real-time computing
- RTLinux
- RTAI
- Xenomai
- PREEMPT_RT
MMU-less
- μClinux
- PSXLinux

Virtualization

Hypervisor
- KVM
- Xen
OS-level virtualization
- Linux-VServer
- Lguest
- LXC
- OpenVZ
Other
- L4Linux
- ELinOS
- User-mode Linux
- MkLinux
- coLinux

Adoption

Range
of use

Desktop
Embedded
Gaming
Thin client:
- LTSP
Server:
- LAMP
- LYME-LYCE
Devices

Adopters

List of Linux adopters

Linux portal
Free and open-source software portal
Category

v t e Linux
Linux kernel	History Linus's law Linux-libre Booting process Kernel oops Tux more…
Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux
Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Security-focused operating system Package manager Package format List of software package managers
Organizations	LinuxChix Linux Counter Linux Documentation Project Linux Foundation Linux Mark Institute Linux User Group (LUG)
Adoption	Adopters Desktop Embedded Gaming Mobile Range of use Linux malware
Media	DistroWatch Free Software Magazine Full Circle Linux.com Linux Format Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code
Professional related certifications	CompTIA Linux+ Linux Foundation Red Hat Ubuntu
Linux portal Free and open-source software portal Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=Seccomp&oldid=1220412468" Categories: ●Linux kernel features ●Computer security Hidden categories: ●Articles with short description ●Short description matches Wikidata ●Wikipedia articles in need of updating from May 2012 ●All Wikipedia articles in need of updating ●All articles with unsourced statements ●Articles with unsourced statements from November 2022 ●This page was last edited on 23 April 2024, at 16:46 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view