pick icon indicating copy to clipboard operation
pick copied to clipboard
verified publisher icon mptre

Sandbox abstraction proposal

Open mptre opened this issue 8 years ago • 4 comments

Related to GitHub issue #269 and #271.

mptre avatar Jan 01 '18 19:01 mptre

This is really cool! Thanks for the great work @DBOTW and @mptre. Should #274 be merged into the branch for this PR?

It's not clear to me why the build is failing or why it's not outputting "disallowed syscall" messages.

calleluks avatar Jan 11 '18 09:01 calleluks

It's not clear to me why the build is failing or why it's not outputting "disallowed syscall" messages.

I've been trying to figure out why the disallowed message doesn't show up on Travis. Even strace:ing pick shows that the write call succeeds. I got a bit reluctant to shipping support for seccomp after reading this. The plan was to make make check || cat test-suite.log output the missing syscall to ease debugging on platforms experiencing failures.

mptre avatar Jan 13 '18 08:01 mptre

I got a bit reluctant to shipping support for seccomp

seccomp should be disabled by default but can be used with --enable-seccomp ... (latest https://github.com/calleerlandsson/pick/pull/274 has been modified accordingly)

ghost avatar Jan 14 '18 09:01 ghost

Quoting https://github.com/google/sanitizers/issues/777#issuecomment-284220988:

Our general suggestion is to disable any sandboxes in sanitizer builds.

... I'm doing so in latest https://github.com/calleerlandsson/pick/pull/274 ...

ghost avatar Jan 17 '18 18:01 ghost