I'm looking for an example of eBPF to write a seccomp filter, but I can't find any. Could someone tell me if it is possible to use eBPF to write a seccomp filter?
With seccomp/BPF, MBOX can intercept just the system calls that it needs to examine, and skip system calls such as read() and write() that take a file descriptor as an argument.
seccomp-bpf is an extension to seccomp that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH and vsftpd as well as the Google Chrome/Chromium web browsers on Chrome OS and Linux.
Secure computing mode (seccomp) is a Linux kernel feature. You can use it to restrict the actions available within the container. The seccomp() system call operates on the seccomp state of the calling process. You can use this feature to restrict your application's access.
Seccomp does not work with eBPF at the moment (only cBPF).
There was a discussion not long ago on that topic on the Linux networking mailing list. The eBPF maintainer is against adding eBPF support to seccomp.