Modernize architectures and generate seccomp policy for all architectures supported by host OS
Fixes #19
@happyCoder92 @robertswiecki please review it and merge! This fixes a CVE used in many CTFs and also allows using nsjail as a Linux container replacement in fully rootless mode.
Hi! Are you still going to work on this one? Seems there are more users requesting it and it would be nice to merge it soon :)
Hi! Yes, I noticed the request! Let me wrap around Android ASB & get back to it this weekend.
Hi! I had a while to work on it and just committed multi-arch support. It still needs to be integrated with nsjail and perhaps exposed in new language constructs. Also I did not add x32 syscalls yet :)
Just a note: we're thankful someone's looked into this and it would be a shame if it stalled. Compiler Explorer relies on nsjail and thus kafel and we currently can't enable seccomp stuff without this PR, which would be nice!
oh! OK @mattgodbolt I will resurrect this.