GNU bug report logs - #45198
28.0.50; Sandbox mode

Previous Next

Full log

View this message in rfc822 format

From: Philipp Stephani <p.stephani2 <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Bastien <bzg <at> gnu.org>, 45198 <at> debbugs.gnu.org, João Távora <joaotavora <at> gmail.com>
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 10 Apr 2021 21:11:04 +0200

Am Sa., 19. Dez. 2020 um 23:22 Uhr schrieb Philipp Stephani
<p.stephani2 <at> gmail.com>:
>
> Am Mo., 14. Dez. 2020 um 12:05 Uhr schrieb Philipp Stephani
> <p.stephani2 <at> gmail.com>:
>
> > > >> - This will need someone else doing the implementation.
> > > > Looks like we already have a volunteer for macOS.
> > > > For Linux, this shouldn't be that difficult either. The sandbox needs
> > > > to install a mount namespace that only allows read access to Emacs's
> > > > installation directory plus any input file and write access to known
> > > > output files, and enable syscall filters that forbid everything except
> > > > a list of known-safe syscalls (especially exec). I can take a stab at
> > > > that, but I can't promise anything ;-)
> > >
> > > Looking forward to it.
> > >
> >
> > I've looked into this, and what I'd suggest for now is:
> > […]
> > 2. Generate appropriate seccomp filters using libseccomp or similar.
>
> Here's a patch for this step.

I've now pushed a variant of this patch as commit
1060289f51ee1bf269bb45940892eb272d35af97, after verifying that it
doesn't break the macOS or Windows builds.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.