From Fedora Project Wiki
< Features
Syscall Filters
Summary
Syscall filtering is a security mechanism that allows applications to define which syscalls it should be allowed to execute.
Owner
- Name: Cole Robinson
- Email: crobinso@redhat.com
- Name: Paul Moore
- Email: pmoore@redhat.com
Current status
- Targeted release: Fedora 18
- Last updated: June 6 2012
- Percentage of completion: 0%
Detailed Description
Benefit to Fedora
Improved security for applications that use syscall filtering.
Scope
- Get seccomp into upstream kernel (currently queued for 3.5): DONE
- Package libseccomp for Fedora (not done)
For a demo application at least QEMU should be using syscall filtering by F18, so:
- Patch upstream QEMU to use libseccomp for syscall filtering (in progress)
- Build QEMU in fedora against libseccomp to auto enable syscall filtering (not done)
How To Test
TBD
User Experience
Ideally this feature shouldn't be noticeable to the user, the syscall filtering should allow normal execution of the application. Intention is that only people trying to exploit security holes notice that the syscall they are trying to use is blocked :)
Dependencies
- Kernel updated to 3.5
- libseccomp packaged
- Qemu updated to 1.2
Any other apps that want to use this functionality need the the first two bits.
Contingency Plan
Since this is brand new functionality, if it doesn't make it in time for F18, nothing has changed. We just drop this feature page.
Documentation
- https://lwn.net/Articles/494252/ (article about syscall filtering)
- http://libseccomp.sf.net/ (helper library)
- https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg00623.html (initial qemu support posting)