reberhardt7 / cplayground

GNU General Public License v3.0

Ban ptrace syscall from user programs #41

Open reberhardt7 opened 4 years ago

reberhardt7 commented 4 years ago

Ptrace is a really complex syscall with a very large attack surface and a history of vulnerabilities. Also, I don't think there's much reason that user programs on cplayground should need it.

The container still needs to be able to invoke ptrace in order to run the cplayground debugger (we run gdb inside of the container), but ideally, we would prevent the user program from calling ptrace. We can accomplish this by tightening the seccomp profile used to execute the user program (or there may be some other simpler way to do it).

glen3b commented 4 years ago

Looks like writing a wrapper to set seccomp policy shouldn't be too hard.
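One way to build the wrapper both comments describe (seccomp-BPF installed in the user program just before exec), as an added example that is not cplayground's code and not from either commenter. The filter checks the audit architecture before comparing the syscall number, returns EPERM for ptrace and allows everything else; everything below (file name, `build_deny_ptrace_filter`, `eval_filter`, `probe_ptrace_blocked`, the build and usage lines) is assumed for illustration. `eval_filter` is a user-space dry run of the same seven instructions, so the policy can be checked without installing it.

```c
/* deny_ptrace.c (hypothetical wrapper, not cplayground's code): install a
 * seccomp-BPF filter that makes ptrace(2) fail with EPERM, then exec the
 * user program.  Build: gcc -O2 -Wall -o deny_ptrace deny_ptrace.c
 * Usage: ./deny_ptrace ./user_program [args...]                           */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS        /* headers older than Linux 4.14 */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
#define DENY_PTRACE_FILTER_LEN 7

/* Write the filter into `out`; returns the instruction count, 0 if `cap` is too small. */
size_t build_deny_ptrace_filter(struct sock_filter *out, size_t cap)
{
    if (cap < DENY_PTRACE_FILTER_LEN) return 0;
    struct sock_filter f[DENY_PTRACE_FILTER_LEN] = {
        /* Kill if the call arrives through another ABI (e.g. 32-bit compat on
         * x86-64); the syscall number compared below would mean something else. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* ptrace -> -1/EPERM in the caller; any other syscall passes through. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    for (size_t i = 0; i < DENY_PTRACE_FILTER_LEN; i++) out[i] = f[i];
    return DENY_PTRACE_FILTER_LEN;
}

/* User-space dry run of the filter for one (arch, nr) pair.  Only the three
 * opcodes the filter uses are interpreted; returns the SECCOMP_RET_* action. */
unsigned int eval_filter(unsigned int arch, unsigned int nr)
{
    struct sock_filter f[DENY_PTRACE_FILTER_LEN];
    size_t n = build_deny_ptrace_filter(f, DENY_PTRACE_FILTER_LEN);
    unsigned int acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &f[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (in->k == offsetof(struct seccomp_data, arch)) ? arch : nr;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            abort();
        }
    }
    abort();  /* the kernel rejects a filter that can fall off the end */
}

/* Install the filter on the calling thread; children and exec'd images inherit it.
 * Returns 0 on success, -1 with errno set otherwise. */
int install_deny_ptrace_filter(void)
{
    struct sock_filter f[DENY_PTRACE_FILTER_LEN];
    struct sock_fprog prog = {
        .len = (unsigned short)build_deny_ptrace_filter(f, DENY_PTRACE_FILTER_LEN),
        .filter = f,
    };
    /* Required for an unprivileged process to install a filter; also prevents
     * regaining privilege later through setuid binaries. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Live check in a throwaway child: 1 = ptrace refused with EPERM,
 * 0 = ptrace went through, 3 = filter could not be installed, -1 = fork/wait error. */
int probe_ptrace_blocked(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_deny_ptrace_filter() != 0) _exit(3);
        errno = 0;
        long r = ptrace(PTRACE_TRACEME, 0, (void *)0, (void *)0);
        _exit((r == -1 && errno == EPERM) ? 1 : 0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    if (install_deny_ptrace_filter() != 0) { perror("seccomp"); return 1; }
    execvp(argv[1], &argv[1]);  /* execve is still allowed; the filter survives it */
    perror("execvp");
    return 127;
}
```

The filter is attached to the thread that installs it and to everything that thread forks or execs, not to other processes, so a debugger running as a separate process (gdb attaching to the user program, as the first comment describes) keeps its own unrestricted ptrace. Whether that matches how cplayground launches gdb is an assumption here; the one thing to avoid is running gdb itself under the wrapper. A `SECCOMP_RET_ERRNO` result is deliberate: the program sees a failed syscall instead of being killed, which is the behaviour most of its callers already handle.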