[Ur] Seccomp for Ur/Web-generated binaries

Adam Chlipala adamc at csail.mit.edu
Wed Mar 18 11:29:03 EDT 2015


Sounds like a reasonable feature to add.  I think, for me, it qualifies 
as "happy to accept a patch adding this feature," but not "I'll plan to 
do it myself."

On 03/18/2015 11:27 AM, Benjamin Barenblat wrote:
> On Wednesday, March 18, 2015, at 10:57 am EDT, Adam Chlipala wrote:
>> Most real Ur/Web deployments so far use the C FFI to make system calls
>> that "pure" Ur/Web apps never could, so it would be important to make
>> the [seccomp] policy configurable, which probably requires some
>> extensions to, e.g., the .urp project-file format […].  How would you
>> see the Ur/Web programmer experience changing to facilitate Seccomp
>> usage?
> Ideally, it would be completely transparent modulo the settings you
> mention.  Programmers shouldn’t have to mess with it unless they want to
> use the FFI.  For backward compatibility, we could even disable it by
> default.
>
> We could add a directive to the project file to enable seccomp and to
> specify allowed system calls – something like
>
>      seccomp_allow_only fstat,fork,mmap2
>
> which would turn on seccomp and allow fstat, fork, and mmap2 (in
> addition to the syscalls the various liburweb libraries need, of
> course).