mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply a seccomp-BPF syscall allowlist by default

Browse Source 
Derived from Podman's default profile, stripped of capability-conditional
rules (we never grant capabilities), argument filters, and the explicit
EPERM block. Dangerous syscalls (mount, unshare, ptrace, bpf,
perf_event_open, io_uring_*, keyctl, kexec_*, ...) fall through to the
default ENOSYS action, which also keeps glibc's clone3 -> clone fallback
working. x86_64 and aarch64 are supported; other archs error out.

Toggle with --seccomp / --no-seccomp or seccomp = <bool> in config.
This commit is contained in:
Kristóf Tóth
2026-04-08 08:34:34 +02:00
parent 5f3b139457
commit 12644ae31e
11 changed files with 772 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Cargo.toml
View File

@@ -14,8 +14,11 @@ path = "src/main.rs"
[dependencies]
clap = { version = "4", features = ["derive"] }
glob = "0.3"
libc = "0.2"
seccompiler = "0.5"
serde = { version = "1", features = ["derive"] }
shlex = "1.3.0"
syscalls = { version = "0.8", default-features = false, features = ["std"] }
toml = "1"
[dev-dependencies]