On Sun, May 3, 2015 at 8:18 PM, Nicolas Bedos <[email protected]> wrote:
> I am wondering if the seccomp system call [1] would be welcomed in the
> OpenBSD tree. I remember it was among the subjects of last year's Google
> Summer of Code. If there is still interest in having it implemented, I
> am willing to work on it: I have a diff that creates the system call and
> allows seccomp to be called with the SECCOMP_SET_MODE_STRICT operation.
> It's a first step, the next (big) one would be BPF(4) syscall filtering.
>
>
> [1] http://man7.org/linux/man-pages/man2/seccomp.2.html
>
OpenBSD already has systrace.
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4?query=systrace&arch=i386

If you have interest in this kind of stuff, I would advise looking at
what is done in sshd, and more recently, file(1).
(for file(1): see
http://www.freshbsd.org/commit/openbsd/95b5f38db7636a4aaf9af03aaf0bd2019f8aa6cf).
