Bug 157380 - [Linux] Remove seccomp filters support
Summary: [Linux] Remove seccomp filters support
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: Other
Hardware: PC Linux
Importance: P2 Normal
Assignee: Michael Catanzaro
Reported: 2016-05-05 12:08 PDT by Michael Catanzaro
Modified: 2016-05-10 11:09 PDT

Patch (122.88 KB, patch)
2016-05-05 12:14 PDT, Michael Catanzaro

Description Michael Catanzaro 2016-05-05 12:08:03 PDT
Remove seccomp filters support. Seccomp filters are an experimental feature that is not currently used in any port and just didn't pan out. This code is not currently secure, nobody is working on making it secure, and it requires a complete architectural rewrite as whitelisting individual files and syscalls is not reasonable or scalable. There are many actually secure Linux sandboxing tools around nowadays, e.g. Bubblewrap, which should be investigated instead.

This is not to say that Linux sandboxing is unimportant, nor that seccomp filters are not an important component of a Linux sandbox. It is to say that seccomp filters are not suitable as the *primary* security mechanism in an effective sandbox. It was never intended for that role, anyway.
Comment 1 Michael Catanzaro 2016-05-05 12:14:02 PDT
Created attachment 278178
Comment 2 Csaba Osztrogonác 2016-05-10 07:32:23 PDT
Comment on attachment 278178

Let's land it, cq+
Comment 3 WebKit Commit Bot 2016-05-10 07:55:12 PDT
Comment on attachment 278178

Clearing flags on attachment: 278178

Committed r200621: <http://trac.webkit.org/changeset/200621>
Comment 4 WebKit Commit Bot 2016-05-10 07:55:18 PDT
All reviewed patches have been landed.  Closing bug.