Sandboxing
What is sandboxing?
Sandboxing untrusted code is useful when you have to rely on third-party developed software where you don't have access to source code, or you don't have resources to perform a source code assessment. Sandboxing can also be useful as an additional security boundary for your own code.
What is seccomp?
seccomp is a Linux kernel facility that restricts a process's system calls to only allow exit, sigreturn, read, and write. If a process attempts to execute another syscall, it will be terminated.
What is secomp-bpf?
The seccomp-bpf extension allows more flexibility than seccomp. Instead of allowing a fixed set of syscalls, seccomp-bpf runs a BPF program on the syscall data and depending on the program's return value, it can execute the syscall, skip the syscall and return a dummy value, terminate the process, generate a signal, or notify the tracer.
What is Sandbox2?
Sandbox2 is an open-source C++ security sandbox for Linux written by security engineers at Google. With Sandbox2 you can restrict the runtime environment to the minimum required for genuine operations, thus limiting the impact of potential code execution vulnerabilities.
Sandbox2 relies on seccomp-bpf.
https://developers.google.com/code-sandboxing/sandbox2
Sandbox Executor vs Sandboxee
- The Sandbox Executor is a process that is not sandboxed itself. It's the
ptracetracer process that attaches to the Sandboxee (ptracetracee process). - The Sandboxee is the process which runs in the restricted, sandboxed environment which was defined by the Sandbox Policy.