~hallyn/seccomp-ut-demo

Demo of seccomp user trap
Clone (read-only): https://git.sr.ht/~hallyn/seccomp-ut-demo

Clone (read/write): git@git.sr.ht:~hallyn/seccomp-ut-demo

You can also use your local clone with git send-email.

# seccomp-run

This is a little demo for running a binary under a seccomp user trap policy which will redirect network connections according to a custom configuration.

# Example

```sh
cat > /tmp/rules << EOF
REDIR   inet:9.9.9.9:9999 inet:0.0.0.0:4444
REJECT	inet:0.0.0.0:4445
EOF
sudo seccomp-run -f /tmp/rules bash
```

Now

```sh
nc -4 0.0.0.0 4445
```

will be refused, while

```sh
nc -4 9.9.9.9 9999
```

will result in a connection to 0.0.0.0:4444.
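The supervisor side of a user-trap setup has to turn the rules file into a decision for every `connect(2)` the traced process attempts. The following is an added example, not code from seccomp-run itself: it parses rule lines in the `REDIR`/`REJECT` format shown above and, given the `sockaddr_in` a traced process passed to `connect`, returns whether the supervisor should let the call through, fail it, or rewrite the destination. The only grammar it assumes is what the two lines above show (`inet:ADDR:PORT` endpoints, first matching rule wins, anything unmatched is allowed); the function names `load_rules_from_string`, `decide` and `make_dst` are this example's own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum action { ACT_ALLOW, ACT_REJECT, ACT_REDIR };

struct endpoint { struct in_addr addr; uint16_t port; };

struct rule {
    enum action act;
    struct endpoint match;   /* destination the traced process asked for */
    struct endpoint target;  /* where to send it instead (ACT_REDIR only) */
};

#define MAX_RULES 32
static struct rule rules[MAX_RULES];
static int nrules;

/* Parse "inet:A.B.C.D:PORT" (the endpoint syntax from the rules file). */
static int parse_endpoint(const char *s, struct endpoint *ep)
{
    char host[64];
    if (strncmp(s, "inet:", 5) != 0) return -1;
    s += 5;
    const char *colon = strrchr(s, ':');
    if (!colon || (size_t)(colon - s) >= sizeof host) return -1;
    memcpy(host, s, colon - s);
    host[colon - s] = '\0';
    if (inet_pton(AF_INET, host, &ep->addr) != 1) return -1;
    char *end;
    unsigned long port = strtoul(colon + 1, &end, 10);
    if (*end != '\0' || port > 65535) return -1;
    ep->port = (uint16_t)port;
    return 0;
}

/* One line: "REJECT <match>" or "REDIR <match> <target>".
 * Returns 1 if a rule was added, 0 for a blank/comment line, -1 on error. */
int parse_rule_line(const char *line)
{
    char verb[16], a[64], b[64];
    int n = sscanf(line, "%15s %63s %63s", verb, a, b);
    if (n <= 0 || verb[0] == '#') return 0;
    if (nrules >= MAX_RULES) return -1;
    struct rule *r = &rules[nrules];
    if (strcmp(verb, "REJECT") == 0 && n == 2) {
        r->act = ACT_REJECT;
        if (parse_endpoint(a, &r->match)) return -1;
    } else if (strcmp(verb, "REDIR") == 0 && n == 3) {
        r->act = ACT_REDIR;
        if (parse_endpoint(a, &r->match) || parse_endpoint(b, &r->target)) return -1;
    } else {
        return -1;
    }
    nrules++;
    return 1;
}

/* Load a whole rules file held in memory; returns the rule count or -1. */
int load_rules_from_string(const char *text)
{
    char buf[256];
    nrules = 0;
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len >= sizeof buf) return -1;
        memcpy(buf, text, len);
        buf[len] = '\0';
        if (parse_rule_line(buf) < 0) return -1;
        text += len + (nl ? 1 : 0);
    }
    return nrules;
}

/* Policy decision for the sockaddr_in the traced process handed to connect(2).
 * Addresses are compared in network byte order; for ACT_REDIR, *out receives
 * the rewritten destination the supervisor should connect to instead. */
enum action decide(const struct sockaddr_in *dst, struct sockaddr_in *out)
{
    for (int i = 0; i < nrules; i++) {
        const struct rule *r = &rules[i];
        if (r->match.addr.s_addr == dst->sin_addr.s_addr &&
            r->match.port == ntohs(dst->sin_port)) {
            if (r->act == ACT_REDIR && out) {
                memset(out, 0, sizeof *out);
                out->sin_family = AF_INET;
                out->sin_addr = r->target.addr;
                out->sin_port = htons(r->target.port);
            }
            return r->act;
        }
    }
    return ACT_ALLOW;  /* no rule matched: let the connect proceed unchanged */
}

/* Helper to build the sockaddr_in a traced process would pass to connect(2). */
int make_dst(const char *ip, uint16_t port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

int main(void)
{
    /* Constructed input: the same two rules as the README example. */
    const char *text = "REDIR   inet:9.9.9.9:9999 inet:0.0.0.0:4444\n"
                       "REJECT\tinet:0.0.0.0:4445\n";
    if (load_rules_from_string(text) < 0) { fprintf(stderr, "bad rules\n"); return 1; }
    struct sockaddr_in d, o;
    make_dst("9.9.9.9", 9999, &d);
    if (decide(&d, &o) == ACT_REDIR)
        printf("9.9.9.9:9999 -> %s:%u\n", inet_ntoa(o.sin_addr), ntohs(o.sin_port));
    make_dst("0.0.0.0", 4445, &d);
    printf("0.0.0.0:4445 -> %s\n", decide(&d, NULL) == ACT_REJECT ? "reject" : "allow");
    return 0;
}
```

In a real supervisor the `sockaddr_in` comes from reading the traced process's memory at the pointer reported in the seccomp notification, and an `ACT_REJECT` result is delivered as an error response to that notification rather than as a printed string; the matching logic above is the part that does not change.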

This is just meant as a demo. It would be easy to extend this into a configurable personal firewall. On each new connection, it could ask how it should be handled (allow, deny, or redirect), and save that information for future re-use.