- Subject: Linux and seccomp and Lua, or: List of implicit system calls?
- From: "Dr. Markus Walther" <walther@...>
- Date: Sun, 10 May 2009 20:22:24 +0200
"seccomp is a simple sandboxing mechanism for the Linux kernel.
It allows a process to make a one-way transition into a "secure" state
where it cannot make any system calls except exit(), read() and write()
to already-open file descriptors. Should it attempt any other system
calls, the kernel will terminate the process" (from Wikipedia)
I'm trying to find out whether this is a feasible mechanism to use with Lua.
Suppose therefore a process is running a Lua app, initializing itself
and setting up pipes as needed before setting the seccomp bit.
Now a programmer can easily deduce which system calls will be issued by
e.g. io.write/read/popen, or os.execute, and others. The same for using
libraries like e.g. luasocket.
Also, a custom memory allocator could be used to avoid memory allocation
system calls like brk().
But my question to the list and Lua implementors is this:
- what non-obvious, non-user-controlled system calls - if any - will be
triggered by pure Lua programs using only the standard libraries?
- if so, which language construct(s) would invoke these?
Thanks a lot in advance, Markus
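
The setup described in the message above (open the pipes, then set the seccomp bit), as an added C example that is not part of the original post. The helper name `run_sandboxed` and the one-byte pipe message are assumptions made for illustration; it also shows one implicit call of the kind the question asks about, since libc's `_exit()` issues `exit_group`, which strict mode does not allow.

```c
/* Added example (constructed): seccomp strict mode around a pipe-connected child. */
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 if the sandboxed child exited cleanly,
 * 1 if the kernel killed it with SIGKILL, -1 if strict mode could not be
 * entered (e.g. the process is already under a seccomp filter) or on error. */
int run_sandboxed(int misbehave)
{
    int fds[2], status;
    char c = 0;
    if (pipe(fds) != 0) return -1;          /* set up descriptors first */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(2);                       /* not sandboxed, libc exit is fine */
        if (write(fds[1], "k", 1) != 1)     /* allowed: already-open fd */
            syscall(SYS_exit, 3);
        if (misbehave)
            syscall(SYS_getpid);            /* not on the allow list */
        /* libc _exit() issues exit_group, which is also not allowed,
         * so leave through the raw exit system call. */
        syscall(SYS_exit, 0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &c, 1);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return -1;
    if (n != 1 || c != 'k') return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("well-behaved child: %d\n", run_sandboxed(0));
    printf("child calling getpid(): %d\n", run_sandboxed(1));
    return 0;
}
```

Running the interpreter under `strace -f` before enabling the sandbox is one way to list the system calls a given Lua program actually triggers.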