New blog post outlining the implementation of Seccomp and Seccomp-BPF https://illogicalexpressions.com/linux/2016/08/31/seccomp-and-seccomp-bpf.html …
if you really want to do it, afaik you can ptrace the child with PTRACE_O_{TRACEEXEC,EXITKILL} and inject syscalls (mmap, seccomp).
-
-
less reliable alternative would be to whitelist execveat(<fd>,*,*,*,AT_EMPTY_PATH) and block close/dup2/dup3 on <fd>, I guess.
-
another alternative: create new mount namespace with just an empty inaccessible tmpfs, whitelist execveat, use O_CLOEXEC.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.