[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#45198: 28.0.50; Sandbox mode
From: |
Philipp Stephani |
Subject: |
bug#45198: 28.0.50; Sandbox mode |
Date: |
Sat, 19 Dec 2020 23:22:08 +0100 |
Am Mo., 14. Dez. 2020 um 12:05 Uhr schrieb Philipp Stephani
<p.stephani2@gmail.com>:
> > >> - This will need someone else doing the implementation.
> > > Looks like we already have a volunteer for macOS.
> > > For Linux, this shouldn't be that difficult either. The sandbox needs
> > > to install a mount namespace that only allows read access to Emacs's
> > > installation directory plus any input file and write access to known
> > > output files, and enable syscall filters that forbid everything except
> > > a list of known-safe syscalls (especially exec). I can take a stab at
> > > that, but I can't promise anything ;-)
> >
> > Looking forward to it.
> >
>
> I've looked into this, and what I'd suggest for now is:
> […]
> 2. Generate appropriate seccomp filters using libseccomp or similar.
Here's a patch for this step.
0002-Add-a-helper-binary-to-create-a-basic-Secure-Computi.patch
Description: Text Data
- bug#45198: 28.0.50; Sandbox mode, (continued)
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2020/12/13
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/14
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2020/12/14
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/14
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/19
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2020/12/19
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/20
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/22
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2020/12/22
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/19
- bug#45198: 28.0.50; Sandbox mode,
Philipp Stephani <=
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2020/12/20
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/20
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2020/12/20
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/20
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/29
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2020/12/29
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/29
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2020/12/29
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2020/12/31
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2020/12/31