https://github.com/tamimehsan/simple-sandbox
A simple sandbox to practice linux security primitives
sandbox seccomp
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/tamimehsan/simple-sandbox
- Owner: TamimEhsan
- Created: 2024-05-19T15:10:45.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-05-23T19:52:22.000Z (over 1 year ago)
- Last Synced: 2025-01-21T14:38:26.629Z (9 months ago)
- Topics: sandbox, seccomp
- Language: C++
- Homepage:
- Size: 10.7 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Simple Sandbox
Let's try to create a simple sandbox and, in turn, learn the inner workings of Linux security primitives like seccomp, cgroups and namespaces.
You can find detailed explanations inside each folder.
Let's start with seccomp, which stands for secure computing mode.
### 1. Running simple C program inside sandbox
First we will try to run a simple C program inside a sandbox using `execve`.
### 2. Seccomp strict mode
We will see how seccomp strict mode allows only a very small set of system calls.
### 3. Add filter to sandbox
Using seccomp rules, we initialize the sandbox to block everything, then add rules to allow the bare minimum.
### 4. Get Resource Usage
We will try to find the resource usage of the sandboxed process. We will also refactor the code to allow monitoring the child.
### 5. Set Resource Usage
In this part we will limit the resource usage of the sandboxed program to a certain upper bound.