[HN Gopher] Reliable system call interception
       ___________________________________________________________________
        
       Reliable system call interception
        
       Author : todsacerdoti
       Score  : 42 points
       Date   : 2025-01-05 15:58 UTC (7 hours ago)
        
 (HTM) web link (blog.mggross.com)
 (TXT) w3m dump (blog.mggross.com)
        
       | IshKebab wrote:
       | I've looked into using Seccomp for this before for sandboxing. It
       | was kind of a mess. Very awkward to work with. Especially for
       | syscalls where the information you want isn't directly in the
       | parameters - e.g. for strings. You have to do some crazy stuff to
       | make that work.
       | 
       | Especially annoying because it only supports cBPF (Classic BPF)
       | which is very limited compared to eBPF. Apparently they aren't
       | ever going to add eBPF to more things since it is such a security
       | risk.
       | 
       | You may want to look into this if your use-case is not security
       | sensitive:
       | https://docs.kernel.org/admin-guide/syscall-user-dispatch.ht...
        
       ___________________________________________________________________
       (page generated 2025-01-05 23:00 UTC)