GitHub - dborca/lsmsb: Linux Security Modules based sandboxing scheme

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 41 Commits
Makefile		Makefile
README		README
dia1.svg		dia1.svg
dia2.svg		dia2.svg
example-sandbox1.sb		example-sandbox1.sb
example-sandbox2.sb		example-sandbox2.sb
example-sandbox3.sb		example-sandbox3.sb
example-sandbox4.sb		example-sandbox4.sb
kernel-patch.diff		kernel-patch.diff
lsmsb-as.cc		lsmsb-as.cc
lsmsb-as.rl		lsmsb-as.rl
lsmsb-install.c		lsmsb-install.c
lsmsb-run.c		lsmsb-run.c
lsmsb.aw		lsmsb.aw
lsmsb.c		lsmsb.c
lsmsb.html		lsmsb.html
lsmsb_external.h		lsmsb_external.h
path.c		path.c
path.h		path.h
style.css		style.css

Repository files navigation

A Linux Sandboxing Scheme

This is LSMSB, a sandboxing scheme for Linux based on the ideas of the OS X
sandbox (which, in turn, was inspired by TrustedBSD and FreeBSD).

Imagine that you're working on a university computer and you get a binary which
promises to do some fiendishly complex calculation, reading from a file ./input
and writing to a file ./output. It also talks to a specific server to access a
pre-computed lookup table. You want to run it, but you don't want to have to
trust that it won't do anything malicious (save giving the wrong answer).

This code is incomplete, but currently you can take a sandbox specification
like this:

filter dentry-open {
  constants {
    etc-prefix = "/etc/";
  }

  ldc r2,etc-prefix;
  isprefixof r2,r2,r0;
  jnz r2,#fail;
  ldi r0,1;
  ret r0;
#fail:
  ldi r0,0;
  ret r0;
}

... and use it to remove access to /etc.

*** This code functions, but is incomplete ***

It's written in a literate programming style, but the derived sources are
included so that you don't have to bother with that in order to build. You'll
need a recent (> 2.6.30-rc1) kernel in order to apply the included patch. Once
you've applied the patch, drop lsmsb.c and path.[ch] into security/lsmsb and
configure CONFIG_SECURITY=y and CONFIG_DEFAULT_SECURITY="lsmsb"; then rebuild.
Some filters may require CONFIG_SECURITY_PATH=y and CONFIG_SECURITY_NETWORK=y.

You can assemble a sandbox file with:
  ./lsmsb-as sandbox-input.sb > sandbox
And then run a command in the sandbox with:
  ./lsmsb-run sandbox [COMMAND [ARG...]]

To read the code, see lsmsb.html

*** This code was forked from lsmsb by agl ***

// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

Where the aforementioned LICENSE file is:
http://src.chromium.org/viewvc/chrome/trunk/src/LICENSE?view=markup

Get the original code here http://github.com/agl/lsmsb
See the original code here http://www.imperialviolet.org/binary/lsmsb.html

*** Path functions are taken from AppArmor ***

Copyright (C) 1998-2008 Novell/SUSE
Copyright 2009-2010 Canonical Ltd.

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, version 2 of the
License.