Getting away from libseccomp #2724

Open

utam0k opened this issue Mar 6, 2024 · 11 comments
utam0k (Member) commented Mar 6, 2024

We will start looking into the possibility of implementing our own seccomp. libseccomp dependency issues have erupted in various places.
It would not be necessary to actually support that many architectures. However, we only need to know the number of each system call for each arch.

TODO:

  • SeccompRule
    • In this step, we only add the unit test for SeccompRule. It means we don't integrate it into main.rs
  • Seccomp structure that bundles SeccompRule.
    • The main.rs is completed here.
  • Support Arm64
  • Integrate to libcontainer
utam0k self-assigned this Mar 6, 2024

utam0k (Member, Author) commented Mar 6, 2024

I'll give it a try and implement a PoC.

jprendes (Contributor) commented Mar 6, 2024

That's great!
Particularly, as libseccomp is LGPL licensed.
I know runc adds the libseccomp tarball to their release due to static builds (see here), something we don't currently do.

YJDoc2 (Collaborator) commented Mar 6, 2024

This would be great! Let me know if I can help in any way 💜

YJDoc2 (Collaborator) commented Apr 11, 2024

Hey, we should also take a look at https://github.com/rust-vmm/seccompiler

utam0k (Member, Author) commented Apr 11, 2024

> Hey, we should also take a look at https://github.com/rust-vmm/seccompiler

Thanks for sharing. I have already checked it but it doesn't support seccomp notify.

sat0ken (Contributor) commented Aug 26, 2024

I will try this issue, OK?

YJDoc2 (Collaborator) commented Aug 27, 2024

Hey @sat0ken, utam0k is already working on this. If you have access to WSL, can I suggest trying #2484? Currently we don't have someone with access to WSL, and it would be a great help!

sat0ken (Contributor) commented Sep 2, 2024

@YJDoc2 Sure! I will check #2484 and try it on WSL.

utam0k (Member, Author) commented Dec 24, 2024

@sat0ken As a next step, how about testing with moby's default.json?
https://github.com/moby/moby/blob/master/profiles/seccomp/default.json

sat0ken (Contributor) commented Jan 6, 2025

@utam0k Sorry for the late reply. Thank you! I'll try it!

sat0ken (Contributor) commented Jan 27, 2025

@utam0k @YJDoc2

I checked the runtime-spec seccomp specification and understood what was missing in the current implementation:

  • actions: a default action and an action for each system call are required
  • we need to check the arguments of system calls

I'll try this additional implementation.
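As an added illustration of what a libseccomp-free implementation of the pieces named in this thread (a `SeccompRule`, a default action, a per-syscall action and argument checks) looks like in plain Rust, the block below is example code written for this page, not youki's code and not from any of the commenters. It builds the classic BPF program the kernel's seccomp filter consumes, using only the public UAPI constants (`struct sock_filter` opcodes, `struct seccomp_data` offsets, `SECCOMP_RET_*` values, `AUDIT_ARCH_*` tokens), and evaluates it in userspace with a small interpreter so the result can be inspected without installing the filter. The syscall numbers in the sample profile (read=0, write=1, socket=41) are x86_64 values chosen for the example; argument checks are equality-only and compare both 32-bit halves of each 64-bit argument, which is the part a 32-bit-only check would get wrong.

```rust
// Added example (not youki's code): a minimal seccomp-BPF builder in pure
// Rust with no libseccomp dependency. Opcodes, offsets and return values
// are the kernel's public UAPI constants. The program is only built and
// evaluated in userspace here; installing it would be a separate prctl step.

/// One classic BPF instruction, laid out like the kernel's `struct sock_filter`.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct SockFilter { pub code: u16, pub jt: u8, pub jf: u8, pub k: u32 }

const BPF_LD_W_ABS: u16 = 0x20; // BPF_LD | BPF_W | BPF_ABS
const BPF_JEQ_K: u16 = 0x15;    // BPF_JMP | BPF_JEQ | BPF_K
const BPF_RET_K: u16 = 0x06;    // BPF_RET | BPF_K

// Field offsets inside `struct seccomp_data`: nr, arch, args[6] (ip is skipped).
const OFF_NR: u32 = 0;
const OFF_ARCH: u32 = 4;
const OFF_ARGS: u32 = 16;

pub const AUDIT_ARCH_X86_64: u32 = 0xc000_003e;
pub const AUDIT_ARCH_AARCH64: u32 = 0xc000_00b7;

/// Filter return actions; `Errno` carries the errno in the low 16 bits.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Action { KillProcess, Errno(u16), Notify, Allow }

impl Action {
    pub fn ret_value(self) -> u32 {
        match self {
            Action::KillProcess => 0x8000_0000, // SECCOMP_RET_KILL_PROCESS
            Action::Errno(e) => 0x0005_0000 | u32::from(e), // SECCOMP_RET_ERRNO | errno
            Action::Notify => 0x7fc0_0000,      // SECCOMP_RET_USER_NOTIF
            Action::Allow => 0x7fff_0000,       // SECCOMP_RET_ALLOW
        }
    }
}

/// Apply `action` to syscall `nr` when every (arg index, value) pair matches.
pub struct SeccompRule { pub nr: u32, pub action: Action, pub arg_eq: Vec<(u8, u64)> }

fn ld(off: u32) -> SockFilter { SockFilter { code: BPF_LD_W_ABS, jt: 0, jf: 0, k: off } }
fn jeq(k: u32) -> SockFilter { SockFilter { code: BPF_JEQ_K, jt: 0, jf: 0, k } }
fn ret(a: Action) -> SockFilter { SockFilter { code: BPF_RET_K, jt: 0, jf: 0, k: a.ret_value() } }

/// Compile a default action plus rules into a filter for a single architecture.
pub fn compile(arch: u32, default: Action, rules: &[SeccompRule]) -> Vec<SockFilter> {
    // Kill on any other architecture so syscall numbers can't be
    // reinterpreted under a foreign ABI (e.g. 32-bit compat on x86_64).
    let mut prog = vec![ld(OFF_ARCH), SockFilter { jt: 1, ..jeq(arch) }, ret(Action::KillProcess)];
    for rule in rules {
        // A rule is a chain of equality tests; any miss jumps past the block.
        let mut block = vec![ld(OFF_NR), jeq(rule.nr)];
        for &(idx, value) in &rule.arg_eq {
            assert!(idx < 6, "seccomp_data has six arguments");
            let lo = OFF_ARGS + 8 * u32::from(idx); // little-endian: low word first
            block.extend([ld(lo), jeq(value as u32), ld(lo + 4), jeq((value >> 32) as u32)]);
        }
        block.push(ret(rule.action));
        let end = block.len();
        for (i, insn) in block.iter_mut().enumerate() {
            if insn.code == BPF_JEQ_K {
                assert!(end - i - 1 <= u8::MAX as usize, "rule too long for an 8-bit jump");
                insn.jf = (end - i - 1) as u8; // jump offsets are relative to the next insn
            }
        }
        prog.extend(block);
    }
    prog.push(ret(default));
    prog
}

/// Run the program on a constructed seccomp_data the way the kernel's
/// interpreter would, returning the raw SECCOMP_RET_* value.
pub fn evaluate(prog: &[SockFilter], nr: u32, arch: u32, args: [u64; 6]) -> u32 {
    let load = |off: u32| match off {
        OFF_NR => nr,
        OFF_ARCH => arch,
        o if (OFF_ARGS..OFF_ARGS + 48).contains(&o) => {
            let (word, half) = ((o - OFF_ARGS) / 8, (o - OFF_ARGS) % 8);
            if half == 0 { args[word as usize] as u32 } else { (args[word as usize] >> 32) as u32 }
        }
        _ => panic!("offset {} is outside seccomp_data", off),
    };
    let (mut pc, mut acc) = (0usize, 0u32);
    loop {
        let insn = prog[pc];
        match insn.code {
            BPF_LD_W_ABS => { acc = load(insn.k); pc += 1 }
            BPF_JEQ_K => pc += 1 + usize::from(if acc == insn.k { insn.jt } else { insn.jf }),
            BPF_RET_K => return insn.k,
            other => panic!("unsupported opcode {:#x}", other),
        }
    }
}

/// Constructed profile: x86_64 numbers read=0, write=1, socket=41 (AF_INET=2).
pub fn example_program() -> Vec<SockFilter> {
    let rules = [
        SeccompRule { nr: 0, action: Action::Allow, arg_eq: vec![] },
        SeccompRule { nr: 1, action: Action::Allow, arg_eq: vec![] },
        SeccompRule { nr: 41, action: Action::Notify, arg_eq: vec![(0, 2)] }, // socket(AF_INET, ..)
    ];
    compile(AUDIT_ARCH_X86_64, Action::Errno(1), &rules) // EPERM for everything else
}

fn main() {
    let prog = example_program();
    println!("{} instructions; read -> {:#x}", prog.len(), evaluate(&prog, 0, AUDIT_ARCH_X86_64, [0; 6]));
}
```

The `evaluate` interpreter is what makes the builder testable on its own: a profile such as moby's default.json can be compiled and probed with constructed `(nr, arch, args)` triples before anything is loaded into a real process. The per-architecture syscall numbers the opening post mentions would be the one table this builder still needs per arch; the BPF layout itself is the same for x86_64 and arm64.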
