Deprecated - A seccomp sandbox go package used by MIG modules (https://mig.ninja)

Перейти к файлу

Teodora Baluta 3394c4ba25 Rewrite exit checks for filter loading This issue fixes #5 - add code to check for two possible failure cases: filter context is invalid or seccomp syscall failed		2016-05-02 07:27:38 +03:00
tools	Moved C code to C files and headers.	2016-01-07 18:33:18 +02:00
vendor/github.com/seccomp/libseccomp-golang	Fixing vendoring.	2016-01-14 21:14:54 +02:00
LICENSE	Add Mozilla Public License v2 to project	2015-12-30 22:18:09 +02:00
Makefile	Vendored seccomp.	2016-01-14 20:28:28 +02:00
README.md	Update README.md	2016-02-11 21:20:27 +02:00
sandbox.go	Fixing linux now.	2016-01-21 22:04:16 +02:00
sandbox_linux.go	Rewrite exit checks for filter loading	2016-05-02 07:27:38 +03:00
signal_handler.c	Fixing linux now.	2016-01-21 22:04:16 +02:00
signal_handler.h	Moved C code to C files and headers.	2016-01-07 18:33:18 +02:00
syscall_mappings.h	Moved C code to C files and headers.	2016-01-07 18:33:18 +02:00

README.md

MIG Agent Sandboxing

Overview

This is the MIG Sandbox Project repository. As the name implies, it is a sandbox for the MIG Agent modules.

The implementation is written in Go, in order to be fully compatible with MIG.
Functionality is achieved by applying seccomp filters (Linux) and constructing sandbox profiles for each module to define behavior through whitelisting syscalls.

Dependencies

The following requirements must be met in order to sandbox MIG:

Go v1.5
libseccomp v2
libseccomp go bindings

Links

Official MIG Repository
Mozilla Wiki Page