README
¶
MIG Agent Sandboxing
⚠️ Deprecation Notice ⚠️
Mozilla is no longer maintaining the Mozilla InvestiGator (MIG) project.
Mozilla is also no longer making use of this code internally.
You are welcome to use this code as is with no warranty. Please fork it to continue development.
Overview
This is the MIG Sandbox Project repository. As the name implies, it is a sandbox for the MIG Agent modules.
The implementation is written in Go, in order to be fully compatible with MIG.
Functionality is achieved by applying seccomp filters (Linux) and constructing sandbox profiles for each module to define behavior through whitelisting syscalls.
Dependencies
The following requirements must be met in order to sandbox MIG:
- Go v1.5
- libseccomp v2
- libseccomp go bindings
Links
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ActAllow = seccomp.ActAllow
View Source
var ActTrap = seccomp.ActTrap
Functions ¶
func Jail ¶
func Jail(sandboxProfile SandboxProfile)
Types ¶
type FilterAction ¶
type FilterAction string
type FilterOperation ¶
type FilterOperation struct {
FilterOn []string
Action seccomp.ScmpAction
Conditions []seccomp.ScmpCondition
}
type SandboxProfile ¶
type SandboxProfile struct {
DefaultPolicy seccomp.ScmpAction
Filters []FilterOperation
}
Source Files
Click to show internal directories.
Click to hide internal directories.