| ▲ | pornel a day ago | |
There's a need for some portable and composable way to do sandboxing. Library authors you can't configure seccomp themselves, because the allowlist must be coordinated with everything else in the whole process, and there's no established convention for negotiating that. Seccomp has its own pain points, like being sensitive to libc implementation details and kernel versions/architectures (it's hard to know what syscalls you really need). It can't filter by inputs behind pointers, most notably can't look at any file paths, which is very limiting and needs even more out-of-process setup. This makes seccomp sandboxing something you add yourself to your application, for your specific deployment environment, not something that's a language built-in or an ecosystem-wide feature. | ||
| ▲ | silon42 13 hours ago | parent [-] | |
To be properly useful as a sandbox, it would be nice to have a tool that would run another process/executable in a sandboxed environment. Basically a tool that would allow to run flatpaks/AppImages/ etc... Maybe firejail already does all that can be done without using a VM. | ||