<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [Linux] Remove seccomp filters support"
href="https://bugs.webkit.org/show_bug.cgi?id=157380">157380</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[Linux] Remove seccomp filters support
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit2
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mcatanzaro@igalia.com
</td>
</tr></table>
<p>
<div>
<pre>Remove seccomp filters support. Seccomp filters are an experimental feature that is not currently used in any port and just didn't pan out. This code is not currently secure, nobody is working on making it secure, and it requires a complete architectural rewrite as whitelisting individual files and syscalls is not reasonable or scalable. There are many actually secure Linux sandboxing tools around nowadays, e.g Bubblewrap, which should be investigated instead.
This is not to say that Linux sandboxing is unimportant, nor that seccomp filters are not an important component of a Linux sandbox. It is to say that seccomp filters are not suitable as the *primary* security mechanism in an effective sandbox. It was never intended for that role, anyway.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>