I'm planning to use seccomp to make a sandbox for untrusted code. Does the seccomp framework play nicely with a utrace-based syscall filter like the proof-of-concept seccomp replacement Roland McGrath published at the following URL?
http://www.redhat.com/archives/utrace-devel/2009-March/msg00159.html

I'm considering an arrangement like this because some vulnerabilities which affect seccomp have turned up (http://www.redhat.com/archives/utrace-devel/2009-March/msg00159.html). Most of them revolve around poorly treated syscalls, so an independent layer of syscall filtering seems prudent. (This is in addition to a restrictive Linux container and AppArmor profile. Suggestions for further precautions are welcome.)

Sincerely,
Jason Rong