Core concept behind ujail

Registered by Stephan Peijnik

This blueprint should give an overview of the core concept behind ujail.

Blueprint information

Status: Not started
Approver: None
Priority: Essential
Drafter: None
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

ujail's main concept is using ptrace to intercept "interesting" system calls and either emulate them or pass them on to the kernel.

"Interesting" is defined per application and could, for example, mean all socket-related system calls, all file I/O system calls, and so on.
In short, the ujail library should make it possible to build a full sandbox and intercept *any* system call the application makes, while keeping its own resource usage, and thus its overhead, low.

It is not ujail's goal to fully emulate a kernel but, as described, to intercept only the system calls that are interesting in the individual use case.
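The intercept, then emulate or pass on, loop described above, as an added example that is not ujail code. It assumes Linux on x86-64; `policy`, `run_jailed`, the choice of `socket()`/`connect()` as the "interesting" set and `-EACCES` as the emulated result are all hypothetical.

```c
/* Added example, not ujail code. Linux x86-64; all names are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
enum action { PASS, EMULATE };
/* Per-application policy (assumed): only socket()/connect() are "interesting". */
enum action policy(long nr) {
    return (nr == SYS_socket || nr == SYS_connect) ? EMULATE : PASS;
}
#ifdef __x86_64__
/* Run argv under the tracer; returns the number of emulated calls, -1 on error. */
int run_jailed(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                 /* wait until the tracer is set up */
        execvp(argv[0], argv);
        _exit(127);
    }
    int status, sig = 0, entering = 1, faking = 0, emulated = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) break;
        int stop = WSTOPSIG(status);
        sig = (stop == SIGTRAP || stop == (SIGTRAP | 0x80)) ? 0 : stop;  /* forward real signals */
        if (stop != (SIGTRAP | 0x80)) continue;                /* not a syscall stop */
        struct user_regs_struct r;
        ptrace(PTRACE_GETREGS, pid, NULL, &r);
        if (entering) {
            faking = policy((long)r.orig_rax) == EMULATE;
            if (faking) r.orig_rax = (unsigned long long)-1;   /* kernel skips the call */
        } else if (faking) {
            r.rax = (unsigned long long)-EACCES;               /* emulated return value */
            emulated++;
        }
        if (faking) ptrace(PTRACE_SETREGS, pid, NULL, &r);
        entering = !entering;
    }
    return emulated;
}
int main(int argc, char **argv) { return argc > 1 ? run_jailed(argv + 1) < 0 : 2; }
#endif
```

Every syscall the policy marks `PASS` costs only the two ptrace stops and reaches the kernel unchanged. Processes the tracee creates with fork or clone are not followed here, so a real sandbox would also need to trace them.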
