Hi Simon,

As part of my Google summer internship project I have implemented a sandbox
for dnsmasq, based on Linux seccomp-bpf and mount namespace, with tests and

Such sandbox provides defense in depth to dnsmasq, by restricting what
files it can access and which syscalls it can make, in case remote code
execution vulnerabilities are discovered in dnsmasq.

Would you be interested in reviewing my patches and maybe integrate them in

Please find attached my patch against master head, but let me know if there
is another way for us to review and discuss the change.

Kind regards,

Denis Solonkov

Attachment: dnsmasq_sandbox.patch.tar.gz
Description: application/gzip

Dnsmasq-discuss mailing list

Reply via email to