6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Apply seccomp filter without hobbling spawning process\",\"text\":\"

Suppose we have a program spawner that is used to launch other programs with a seccomp filter. If one wants to deny the use of execve in app, could this be achieved by applying the filter to a thread within spawner and then spawner execves into app with the filter applied to app? If that won't work, then is there some other way that would?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Melab\"},\"upvoteCount\":2,\"answerCount\":0,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","linux",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/linux/1","children":"linux"}]}],["$","span","sandbox",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sandbox/1","children":"sandbox"}]}],["$","span","seccomp",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/seccomp/1","children":"seccomp"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/33572e26daf9332df748776cdb2e2065?s=256&d=identicon&r=PG","alt":"Melab","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1953537/melab","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Melab"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",2852]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Apply seccomp filter without hobbling spawning process"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",29]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",0,")"]}],[]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","1158091",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1158091","className":"text-blue-600 hover:underline","children":"Defining a variable with or without export"}]}],["$","li","131303",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/131303","className":"text-blue-600 hover:underline","children":"How can I measure the actual memory usage of an application or process?"}]}],["$","li","9688200",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9688200","className":"text-blue-600 hover:underline","children":"Difference between shared objects (.so), static libraries (.a), and DLL's (.so)?"}]}],["$","li","726690",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/726690","className":"text-blue-600 hover:underline","children":"What killed my process and why?"}]}],["$","li","65153051",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/65153051","className":"text-blue-600 hover:underline","children":"Install seccomp filter in child"}]}],["$","li","62936109",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/62936109","className":"text-blue-600 hover:underline","children":"Why does loading seccomp filter affect permitted and effective capability set?"}]}],["$","li","57487618",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/57487618","className":"text-blue-600 hover:underline","children":"Why after load seccomp filter, PING will no work by normal user"}]}],["$","li","19828141",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19828141","className":"text-blue-600 hover:underline","children":"How does seccomp-bpf filter syscalls?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Apply seccomp filter without hobbling spawning process

Answers (0)

Related Questions