Getting away from libseccomp

Question

Getting away from libseccomp

utam0k opened this issue 4 months ago · comments

We will start looking into the possibility of implementing our own seccomp. libseccomp dependency issues have erupted in various places.
It would not be necessary to actually support that many architectures. However, we only need to know the number of the system call for each archs.

Toru Komatsu · Answer 1 · Wed Mar 06 2024 20:18:25 GMT+0800 (China Standard Time)

I'll give it a try to implement PoC

Jorge Prendes · Answer 2 · Wed Mar 06 2024 20:23:51 GMT+0800 (China Standard Time)

That's great!
Particularly, as libseccomp is LGPL licensed.
I know runc adds the libseecomp tarbal to their release due to static builds (see here), something we don't currently do.

Yashodhan · Answer 3 · Thu Mar 07 2024 00:12:17 GMT+0800 (China Standard Time)

This would be great! Let me know if I can help in any way 💜

Yashodhan · Answer 4 · Thu Apr 11 2024 15:07:52 GMT+0800 (China Standard Time)

Hey, we should also take a look at https://github.com/rust-vmm/seccompiler

Toru Komatsu · Answer 5 · Thu Apr 11 2024 21:25:57 GMT+0800 (China Standard Time)

Hey, we should also take a look at https://github.com/rust-vmm/seccompiler

Thanks for sharing. I have already checked it but it doesn't support seccomp notify.