Seccomp
From Wikipedia, the free encyclopedia
seccomp is a simple sandboxing mechanism for the Linux kernel.
It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process.
In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
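The transition described above can be observed directly. The following C program is an added example, not part of the article, and assumes a Linux system with seccomp compiled in (`CONFIG_SECCOMP`): a child process enters strict mode with `prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT)` and then either stays inside the permitted set (a `write()` to an already-open descriptor followed by the bare `exit` syscall) or issues one forbidden syscall (`getpid`), while the parent reports how the child ended. The function name `seccomp_strict_demo` and the `DEMO_*` return codes are constructed for this example.

```c
/* Added demonstration of seccomp strict mode (SECCOMP_MODE_STRICT); Linux only.
 * Not code from the article: the function name and return codes are invented here. */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/syscall.h>
#include <sys/prctl.h>
#include <linux/seccomp.h>

/* Outcome codes of seccomp_strict_demo() (constructed for this example). */
enum {
    DEMO_EXITED_OK   = 0,   /* child stayed within the allowed set and exited */
    DEMO_KILLED      = 9,   /* child was killed by the kernel (9 == SIGKILL) */
    DEMO_UNAVAILABLE = 2,   /* prctl(PR_SET_SECCOMP) refused, e.g. already under a
                               seccomp filter or seccomp not compiled in */
    DEMO_ERROR       = -1   /* fork/wait failure in the parent */
};

/* Fork a child, switch it to seccomp strict mode, and have it perform either a
 * permitted write()+exit() sequence or one forbidden syscall (getpid). The
 * parent returns how the child terminated. */
int seccomp_strict_demo(int attempt_forbidden_syscall)
{
    pid_t pid = fork();
    if (pid < 0)
        return DEMO_ERROR;

    if (pid == 0) {
        /* One-way transition: from here on only read, write, exit (and
         * sigreturn) are permitted. If prctl fails we are NOT in strict
         * mode, so a normal _exit() is still safe. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(DEMO_UNAVAILABLE);

        if (attempt_forbidden_syscall) {
            /* glibc's getpid() issues a real getpid syscall; strict mode
             * answers with SIGKILL, so the _exit() below is never reached. */
            (void)getpid();
            _exit(100);
        }

        /* write(2) on an already-open descriptor is allowed ... */
        static const char msg[] = "child: still alive inside strict mode\n";
        (void)write(STDOUT_FILENO, msg, sizeof msg - 1);

        /* ... but _exit() would use exit_group(2), which is not in the allowed
         * set and would get the child killed, so issue the bare exit(2) syscall. */
        syscall(SYS_exit, 0);
        return 0; /* not reached */
    }

    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return DEMO_ERROR;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);      /* expected: SIGKILL == DEMO_KILLED */
    if (WIFEXITED(status))
        return WEXITSTATUS(status);   /* 0 == fine, 2 == strict mode unavailable */
    return DEMO_ERROR;
}

int main(void)
{
    printf("well-behaved child -> %d\n", seccomp_strict_demo(0));
    printf("forbidden syscall  -> %d\n", seccomp_strict_demo(1));
    return 0;
}
```

Two details matter in practice: the kernel's answer to a disallowed call is `SIGKILL` (the parent sees `WTERMSIG(status) == 9`), not an error return, and glibc's `_exit()`/`exit()` use `exit_group`, which strict mode does not permit, so a strict-mode process must leave through the raw `exit` syscall. If the process already runs under a seccomp filter (as in many container runtimes), the kernel refuses to switch it to strict mode and the demo reports `DEMO_UNAVAILABLE` instead.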
seccomp was first devised by Andrea Arcangeli in January 2005 for use in public grid computing and was originally intended as a means of safely running untrusted compute-bound programs.
Arcangeli's CPUShare is the only service that makes use of this feature as of April 2006, and seccomp has been criticised ([1] Ingo Molnar's critique on linux-kernel mailing list) for being bound to a service (CPUShare) that is burdened with patents that aim to restrict the freedoms of grid computing service providers.