![]() |
This article needs to be updated. Please help update this article to reflect recent events or newly available information. (May 2012)
|
Original author(s) | Andrea Arcangeli |
---|---|
Initial release | March 8, 2005; 19 years ago (2005-03-08) |
Written in | C |
Operating system | Linux |
Type | Sandboxing |
License | GNU General Public License |
Website | code |
seccomp (short for secure computing[1]) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit()
, sigreturn()
, read()
and write()
to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILLorSIGSYS.[2][3] In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
seccomp mode is enabled via the prctl(2)
system call using the PR_SET_SECCOMP
argument, or (since Linux kernel 3.17[4]) via the seccomp(2)
system call.[5] seccomp mode used to be enabled by writing to a file, /proc/self/seccomp
, but this method was removed in favor of prctl()
.[6] In some kernel versions, seccomp disables the RDTSC
x86 instruction, which returns the number of elapsed processor cycles since power-on, used for high-precision timing.[7]
seccomp-bpf is an extension to seccomp[8] that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH[9] and vsftpd as well as the Google Chrome/Chromium web browsers on ChromeOS and Linux.[10] (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)
Some consider seccomp comparable to OpenBSD pledge(2) and FreeBSD capsicum(4)[citation needed].
seccomp was first devised by Andrea Arcangeli in January 2005 for use in public grid computing and was originally intended as a means of safely running untrusted compute-bound programs. It was merged into the Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.[11]
--sandbox
[14]--security-opt
parameter.seccomp(2)
: "The seccomp() system call operates on the Secure Computing (seccomp) state" – Linux Programmer's Manual – System Calls
| |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Organization |
| ||||||||||||||||||||||||||
Technical |
| ||||||||||||||||||||||||||
Adoption |
| ||||||||||||||||||||||||||
|
| |
---|---|
Linux kernel |
|
Controversies |
|
Distributions |
|
Organizations |
|
Adoption |
|
Media |
|
Professional related certifications |
|
|