Global InformationSeccomp information
 | This article needs to be updated. (May 2012) |
| Original author(s) | Andrea Arcangeli |
|---|---|
| Initial release | March 8, 2005 |
| Written in | C |
| Operating system | Linux |
| Type | Sandboxing |
| License | GNU General Public License |
| Website | code |
seccomp (short for secure computing[1]) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS.[2][3] In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
seccomp mode is enabled via the system call using the PR_SET_SECCOMP argument, or (since Linux kernel 3.17[4]) via the system call.[5] seccomp mode used to be enabled by writing to a file, /proc/self/seccomp, but this method was removed in favor of prctl().[6] In some kernel versions, seccomp disables the RDTSC x86 instruction, which returns the number of elapsed processor cycles since power-on, used for high-precision timing.[7]
seccomp-bpf is an extension to seccomp[8] that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH[9] and vsftpd as well as the Google Chrome/Chromium web browsers on ChromeOS and Linux.[10] (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)
Some consider seccomp comparable to OpenBSD pledge(2) and FreeBSD capsicum(4)[citation needed].
- ^ : "The seccomp() system call operates on the Secure Computing (seccomp) state" – Linux Programmer's Manual – System Calls
- ^ Corbet, Jonathan (2015-09-02). "A seccomp overview". lwn. Retrieved 2017-10-05.
- ^ "Documentation/prctl/seccomp_filter.txt". Retrieved 2017-10-05.
- ^ "Linux kernel 3.17, Section 11. Security". kernelnewbies.org. 2013-10-05. Retrieved 2015-03-31.
- ^ "seccomp: add "seccomp" syscall". kernel/git/torvalds/linux.git - Linux kernel source tree. kernel.org. 2014-06-25. Retrieved 2014-08-22.
- ^ Arcangeli, Andrea (2007-06-14). "[PATCH 1 of 2] move seccomp from /proc to a prctl". Retrieved 2013-08-02.
- ^ Tinnes, Julien (2009-05-28). "Time-stamp counter disabling oddities in the Linux kernel". cr0 blog. Retrieved 2013-08-02.
- ^ Corbet, Jonathan (2012-01-11). "Yet another new approach to seccomp". lwn. Retrieved 2013-08-02.
- ^ Cite error: The named reference
OpenSSH 6.0was invoked but never defined (see the help page). - ^ Tinnes, Julien (2012-11-19). "A safer playground for your Linux and Chrome OS renderers". The Chromium Blog. Retrieved 2013-08-02.