Archive for September, 2020

Understanding SECCOMP

SECCOMP provides security by restricting which syscalls can be executed:

For example, here only 6 syscalls are permitted to be called by the application:

https://blog.cloudflare.com/sandboxing-in-linux-with-zero-lines-of-code/

Internally, this is implemented with BPF macros + prctl() + the SECCOMP syscall.

Alternatively, there is also the libseccomp library:

At the end of which is an example (https://gist.github.com/tthtlc/e0c4560fe8c609c7e34eb7cff48923e8):

The main API of the Seccomp library is “seccomp_rule_add()”; the other APIs are documented here: https://libseccomp.readthedocs.io/en/latest/ and here: https://man7.org/linux/man-pages/man3/seccomp_rule_add.3.html

And you can compile it via “gcc seccomp.c -lseccomp”.

These seccomp rules are implemented inside the kernel, which is linked to the task_struct thread structure:

Another good writeup on Seccomp internals is here:

http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2019/02/04/seccomp

An overall summary is provided here:

https://man7.org/training/download/secisol_seccomp_slides.pdf

From a different process, the ptrace() mechanism lets you enumerate all the SECCOMP properties of the seccomp-ed process:

https://man7.org/tlpi/code/online/dist/seccomp/dump_seccomp_filter.c

References:

https://tthtlc.wordpress.com/2014/08/11/security-via-seccomp/

https://tthtlc.wordpress.com/2018/11/30/how-to-run-32-bit-docker-inside-64-bit-host-and-enabling-strace-and-other-apis/

https://tthtlc.wordpress.com/2014/07/25/seccomp-based-applications-analysis-and-debugging/

How do I disable the screensaver/lock in kali linux? – Super User

https://superuser.com/questions/1185747/how-do-i-disable-the-screensaver-lock-in-kali-linux

None of the solutions work… only one:
