[GSoC][RFC]: seccomp-assisted syscall filtering

Chen Jingpiao chenjingpiao at gmail.com
Wed Mar 21 14:17:08 UTC 2018


On 03/12 02:29, Eugene Syromiatnikov wrote:
> On Mon, Mar 12, 2018 at 10:38:37AM +0800, Chen Jingpiao wrote:
> > Hi.
> >
> > I want to apply for GSoC again. I am interested in the seccomp-assisted
> > syscall filtering project.
> >
> > Let me introduce myself again.
> >
> > My name is Chen Jingpiao, a junior student in Guangdong Pharmaceutical
> > University, majoring in Computer Science and Technology. I am familiar
> > with C, Linux and tools (Git, vim, gdb, find, grep, diff, makefile etc.)
> > I have accepted strace GSoC 2017 netlink socket parsers project.
> >
> > I will prepare the work according to the following steps:
> >
> > 1. Understand how strace traces a program (or attaches to a process)
> > 2. How seccomp works
> > 3. How to handle special cases:
> > * architecture
> > * personality
> > * -f option
> > * subcall
> > 4. How to introduce a seccomp filter in strace
> >
> > I'm happy to hear your suggestions or get your help.
> > Thank you.
>
> Please note that there is already some (seemingly abandoned) patch
> available that tries to introduce the functionality in question[1],
> as mentioned on strace's GSoC wiki page[2] (do you plan to use it in
> your work or will do everything from scratch?).

Thank you.
I want to work from scratch.

> I'm looking forward
> to a more elaborate description of the proposal (for example, what are
> expected limitations of seccomp filter (like its size) and what
> functionality can be achieved there, how it integrates with other
> features like path filtering and the upcoming filtering engine, what
> are possibilities regarding optimizing BPF code for size). In addition,
> I have a concern regarding conflicts with already set seccomp filters
> or attempts to do so, what solutions could you propose in that regard?

In my understanding, this project works with the -e trace option to make
strace run faster. It does not introduce a user command; it is easy to
integrate with other features.

I wrote a demo [1] and my proposal draft [2].

Details about the demo:

* only traces the execve and open syscalls
* traces execve to handle the PTRACE_EVENT_EXEC event
* can handle multiple personalities

Thank you.

>
> [1] https://github.com/shinh/strace/commit/92db747699773b8b9be42ecb27ab969eeb649825
> [2] https://strace.io/wiki/GoogleSummerOfCode2018#seccomp-assisted_syscall_filtering

[1] https://github.com/ppiao/strace/commits/ppiao/seccomp
[2] https://gist.github.com/ppiao/4881da820b35c96075fa8d76bee073f3

--
Chen Jingpiao
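
The filter logic the demo list above describes (stop only on execve and open, per personality), as an added example that is not the code from the linked demo branch or from strace. It assumes x86_64 and i386 only; the syscall numbers, the macro names, `trace_filter` and the `run_filter` dry-run interpreter are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Per-personality syscall numbers; X32_BIT marks x32 calls on x86_64. */
enum { X64_OPEN = 2, X64_EXECVE = 59, I386_OPEN = 5, I386_EXECVE = 11,
       X32_BIT = 0x40000000 };

#define LD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define JMP(op, k, jt, jf) BPF_JUMP(BPF_JMP | (op) | BPF_K, (k), (jt), (jf))
#define RET(v) BPF_STMT(BPF_RET | BPF_K, (v))

/* RET_TRACE stops the tracee with PTRACE_EVENT_SECCOMP; RET_ALLOW lets the
 * syscall run with no ptrace stop. Unknown ABIs and x32 fall back to tracing. */
static const struct sock_filter trace_filter[] = {
    /*  0 */ LD(arch),
    /*  1 */ JMP(BPF_JEQ, AUDIT_ARCH_X86_64, 1, 0),  /* -> 3 */
    /*  2 */ JMP(BPF_JEQ, AUDIT_ARCH_I386, 5, 8),    /* -> 8, else 11 */
    /*  3 */ LD(nr),                                 /* x86_64 path */
    /*  4 */ JMP(BPF_JGE, X32_BIT, 6, 0),            /* x32 -> 11 */
    /*  5 */ JMP(BPF_JEQ, X64_OPEN, 5, 0),           /* -> 11 */
    /*  6 */ JMP(BPF_JEQ, X64_EXECVE, 4, 0),         /* -> 11 */
    /*  7 */ RET(SECCOMP_RET_ALLOW),
    /*  8 */ LD(nr),                                 /* i386 path */
    /*  9 */ JMP(BPF_JEQ, I386_OPEN, 1, 0),          /* -> 11 */
    /* 10 */ JMP(BPF_JEQ, I386_EXECVE, 0, 1),        /* -> 11, else 12 */
    /* 11 */ RET(SECCOMP_RET_TRACE),
    /* 12 */ RET(SECCOMP_RET_ALLOW),
};

/* Interprets only the opcodes used above, to dry-run a constructed (arch, nr). */
static uint32_t run_filter(const struct sock_filter *f, uint32_t arch, uint32_t nr)
{
    struct seccomp_data d = { .nr = (int)nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0;; pc++) {
        const struct sock_filter *i = &f[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + i->k, sizeof acc);
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == i->k) ? i->jt : i->jf;
        else if (i->code == (BPF_JMP | BPF_JGE | BPF_K))
            pc += (acc >= i->k) ? i->jt : i->jf;
        else
            return i->k; /* BPF_RET | BPF_K */
    }
}
```

To use such an array for real, the tracee would install it with prctl(PR_SET_NO_NEW_PRIVS) followed by prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...), and the tracer would set PTRACE_O_TRACESECCOMP and resume with PTRACE_CONT rather than PTRACE_SYSCALL.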