
Google created seccomp-bpf which is crucial to a meaningful sandbox and has no equivalent on other platforms. It was not an obvious innovation or it would have been done years earlier. It exists because someone paid by Google to improve Chromium security had the epiphany that BPF would be a good way to filter system calls.



Isn't seccomp-bpf similar to OpenBSD's (failed) systrace? Both are basically filters for system calls if I'm not mistaken.



