[GSoC][RFC]: seccomp-assisted syscall filtering
chenjingpiao at gmail.com
Wed Mar 21 14:17:08 UTC 2018
On 03/12 02:29, Eugene Syromiatnikov wrote:
> On Mon, Mar 12, 2018 at 10:38:37AM +0800, Chen Jingpiao wrote:
> > Hi.
> > I want to apply for GSoC again. I am interested in the seccomp-assisted
> > syscall filtering project.
> > I introduce myself again.
> > My name is Chen Jingpiao, a junior student in Guangdong Pharmaceutical
> > University, majoring in Computer Science and Technology. I am familiar
> > with Linux and tools (Git, vim, gdb, find, grep, diff, makefile etc.)
> > I have accepted strace GSoC 2017 netlink socket parsers project.
> > I will prepare the work according to the following steps:
> > 1. Understand how strace traces a program (or attaches to a process)
> > 2. How seccomp works
> > 3. How to handle special case:
> > * architecture
> > * personality
> > * -f option
> > * subcall
> > 4. How to introduce a seccomp filter in strace
> > I'm happy to hear your suggestions or get your help.
> > Thank you.
> Please note that there is already some (seemingly abandoned) patch
> available that tries to introduce the functionality in question,
> as mentioned on strace's GSoC wiki page (do you plan to use it in
> your work or will do everything from scratch?).
I want to work from scratch.
> I'm looking forward
> to a more elaborate description of the proposal (for example, what are
> expected limitations of seccomp filter (like its size) and what
> functionality can be achieved there, how it integrates with other
> features like path filtering and the upcoming filtering engine, what
> are possibilities regarding optimizing BPF code for size). In addition,
> I have a concern regarding conflicts with already set seccomp filters
> or attempts to do so, what solutions could you propose in that regard?
In my understanding, this project is to work with the -e trace option to make
it run faster. It does not introduce a user command; it is easy to integrate with other
I wrote a demo, and my proposal draft.
Detail about the demo:
* only traces the execve and open syscalls
* traces execve to handle the PTRACE_EVENT_EXEC event
* can handle multiple personalities
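
An added illustration, not part of the original message and not the demo it mentions: a seccomp BPF program that returns SECCOMP_RET_TRACE only for execve and open, with one branch per personality because syscall numbers differ between ABIs. It assumes x86_64 and i386 syscall numbers (x32 is not handled); `run_filter` is a hypothetical userspace evaluator so the filter can be checked without installing it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define LOAD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))

/* Jump offsets are relative to the next instruction. An unknown
 * architecture stops on every syscall so the tracer misses nothing. */
static const struct sock_filter trace_filter[] = {
    /*  0 */ LOAD(arch),
    /*  1 */ JEQ(AUDIT_ARCH_X86_64, 2, 0),        /* -> 4 */
    /*  2 */ JEQ(AUDIT_ARCH_I386, 4, 0),          /* -> 7 */
    /*  3 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),
    /*  4 */ LOAD(nr),                            /* x86_64 branch */
    /*  5 */ JEQ(59, 4, 0),                       /* execve -> 10 */
    /*  6 */ JEQ(2, 3, 4),                        /* open -> 10, else 11 */
    /*  7 */ LOAD(nr),                            /* i386 branch */
    /*  8 */ JEQ(11, 1, 0),                       /* execve -> 10 */
    /*  9 */ JEQ(5, 0, 1),                        /* open -> 10, else 11 */
    /* 10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),
    /* 11 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof(trace_filter) / sizeof(trace_filter[0]))

/* Hypothetical helper: interprets only the three opcodes used above. */
static unsigned int run_filter(unsigned int arch, int nr)
{
    struct seccomp_data d = { .nr = nr, .arch = arch };
    unsigned int acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN; pc++) {
        const struct sock_filter *f = &trace_filter[pc];
        if (f->code == (BPF_RET | BPF_K))
            return f->k;
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + f->k, sizeof(acc));
        else /* BPF_JMP | BPF_JEQ | BPF_K */
            pc += (acc == f->k) ? f->jt : f->jf;
    }
    return SECCOMP_RET_KILL; /* not reached: every path ends in RET */
}

int main(void)
{
    printf("x86_64 execve -> %#x\n", run_filter(AUDIT_ARCH_X86_64, 59));
    printf("i386 getpid   -> %#x\n", run_filter(AUDIT_ARCH_I386, 20));
    return 0;
}
```

Checking `nr` without first checking `arch` would misclassify calls: 11 is execve on i386 but munmap on x86_64.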