Seccomp (secure computing)

Seccomp is a feature in the Linux kernel that allows a process to restrict its own functionality. It is a one-way ticket: once enabled, the available syscalls are reduced to read(2), write(2), exit(2) and sigreturn(2). If the process attempts any other syscall, the kernel kills it with SIGKILL.

The related call for this:

prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);

Originally, seccomp was enabled via the prctl(2) system call, using the PR_SET_SECCOMP operation to turn the functionality on. Since Linux kernel 3.17, seccomp mode can also be configured via the dedicated seccomp(2) system call.

Well-known software that uses seccomp includes:

  • Docker
  • Flatpak
  • QEMU
  • snap
  • systemd
  • Tor

Seccomp-bpf

An alternative method is seccomp-bpf, or seccomp with filters. Instead of a fixed allow list, the process supplies a BPF program that the kernel evaluates for every syscall the process makes. When using prctl, it looks like this in code:

prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog);
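The following C program is an added example, not code from the original page, that exercises both modes described above: strict mode via prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT), and filter mode via prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog). Each mode is entered in a forked child so the parent survives and can inspect what the kernel did to the child. It assumes a Linux host on x86_64, aarch64 or i386; the function and variable names (run_in_child, strict_child, demo_strict_mode, filter, prog, filter_child, demo_filter_mode) and the denied syscall (mkdirat) are this example's own choices.

```c
/* Added example: seccomp strict mode and a seccomp-bpf filter, each applied
 * in a forked child so the parent can observe the outcome. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: one of these ABIs. Syscall numbers differ per ABI, so a
 * filter must check the arch before comparing syscall numbers. */
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Run fn() in a child process and store its wait status; -1 on error. */
static int run_in_child(int (*fn)(void), int *status)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn());
    return waitpid(pid, status, 0) == pid ? 0 : -1;
}

/* Strict mode: only read, write, exit and sigreturn remain afterwards. */
static int strict_child(void)
{
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
        syscall(SYS_exit, 2);   /* EACCES when a filter is already active, e.g. in a container */
    syscall(SYS_getpid);        /* not on the allow list: the kernel kills us with SIGKILL */
    syscall(SYS_exit, 0);       /* raw exit(2); exit_group(2) via _exit() would also be fatal */
    return 0;
}

/* 1 = child was SIGKILLed as expected, 2 = strict mode unavailable here, 0 = unexpected. */
int demo_strict_mode(void)
{
    int status;
    if (run_in_child(strict_child, &status) != 0)
        return 0;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return 2;
    return 0;
}

/* seccomp-bpf program: kill on a foreign ABI, fail mkdirat(2) with EPERM,
 * allow every other syscall. */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
static struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };

static int filter_child(void)
{
    /* Without CAP_SYS_ADMIN a filter may only be installed after no_new_privs is set. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return 3;
    /* seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog) is the seccomp(2) equivalent. */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return 3;
    if (syscall(SYS_getpid) <= 0)   /* an allowed syscall still works */
        return 4;
    /* Unfiltered this would fail with ENOENT; the filter turns it into EPERM. */
    if (syscall(SYS_mkdirat, AT_FDCWD, "/nonexistent-parent/example-dir", 0700) == -1
        && errno == EPERM)
        return 0;
    return 5;
}

/* 1 = the filter behaved as described, 0 = otherwise. */
int demo_filter_mode(void)
{
    int status;
    if (run_in_child(filter_child, &status) != 0)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("strict mode: %d (1 = child SIGKILLed, 2 = unavailable here)\n", demo_strict_mode());
    printf("filter mode: %d (1 = mkdirat denied with EPERM)\n", demo_filter_mode());
    return 0;
}
```

Two points worth noting from the code: strict mode cannot be entered once a filter is already active on the process (the prctl fails with EACCES), which is why demo_strict_mode() reports 2 inside a container that already applies a seccomp profile; and a filter that returns SECCOMP_RET_ERRNO lets the caller see a normal error return instead of dying, which is the usual choice when a program should keep running after a denied call.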

Well-known software that uses seccomp-bpf includes:

  • Android
  • Chrome
  • Firefox
  • OpenSSH
  • vsftp