Open ghost opened 1 month ago
Hey, I do not have a lot of context on libseccomp. Is this something you enable on the VMs or in the Rust program?
Hey, it's something we use along with the Rust app to limit syscalls to the kernel from the app itself.
How is it configured/enabled in this specific repo?
You can check an example implementation here in Cloudflare's foundations: https://github.com/cloudflare/foundations/blob/afd9094db7581f6db79b64f2eee79458997bd1f0/foundations/build.rs#L96
I suggest integrating libseccomp to further enhance the security of the builder app. libseccomp is a BPF application in Linux that filters the kind of syscalls the application can make. For example: if the attacker can somehow run arbitrary code (we ignore how they can do it) through a bug within the application, they can make malicious syscalls like fork, execve. Think of it like a lightweight sandbox around the current application. TDX provides an overall secure VM blackbox, but it doesn't prevent bad code being exploited within the application. There will be a small performance hit since BPF is very lightweight; we need to measure how much it is to work with TDX.
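A sketch of the kind of syscall filter this issue describes, added here as an example (it is not code from this repo or from foundations): it uses the raw Linux seccomp-BPF interface in C instead of libseccomp, and denies only `execve`/`execveat` so the effect can be observed from a child process. The function names and the `/bin/true` target are assumptions made up for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "set NATIVE_ARCH to this platform's AUDIT_ARCH_* value"
#endif

/* Deny-list: execve/execveat return EPERM, every other syscall is allowed. */
static int install_exec_denylist(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 6),   /* foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 4, 0),    /* x32 numbers: kill */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* errno that execve gets inside a filtered child; 0 if the exec ran, -1 on setup failure. */
static int exec_errno_under_filter(void) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        char *argv[] = { "true", NULL }, *envp[] = { NULL };
        if (install_exec_denylist() != 0) _exit(255);
        execve("/bin/true", argv, envp);  /* constructed stand-in for a spawned program */
        _exit(errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}
int main(void) { return exec_errno_under_filter() == EPERM ? 0 : 1; }
```

The filter is inherited by child processes and cannot be removed once installed, so a real integration would install it after startup work that legitimately needs the denied syscalls.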