#50 [Project Idea for GSoC 2019] Podman Container SECCOMP generation tool
Closed 6 years ago by bex. Opened 6 years ago by dwalsh.

This is a proposed project for Google Summer of Code

  • Skill level: Intermediate
  • Technology : Golang, Containers, Podman, Linux
  • Mentor(s): Dan Walsh, Valentin Rothberg

Contacts (IRC & email):

Dan Walsh [IRC: dwalsh, mail: dwalsh@redhat.com, twitter: rhatdan, github: rhatdan]
Valentin Rothberg [IRC: vrothberg, mail: rothberg@redhat.com, twitter: vlntnrthbrg, github: vrothberg]

Description

Most containers currently have a hard-coded default seccomp profile that is pretty loose and meant to support a wide range of use cases. The idea of this project is to build a tool that would watch all of the syscalls made within a container, and generate a seccomp profile for this specific container to further harden security. We would want to add a command to the Pod Manager (Podman) tool to basically launch the container and then collect a set of syscalls either through strace, or auditing, or similar tracing technologies.

As a GSoC intern, you will be responsible for the following tasks:

  • Engage in community discussions
  • Research how syscalls for a given workload (i.e., container) can be automatically traced (e.g., via strace)
  • Implement a prototype based on Podman
  • Collaborate with the mentors and the community to integrate the functionality upstream

Repo : https://github.com/containers/libpod
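
The trace-to-profile step proposed above, sketched as an added example; it is not part of the original issue and is not Podman's code. The function names and the sample trace are constructed for illustration, and the output assumes the seccomp JSON layout (`defaultAction`, `syscalls`, `names`, `action`) used by Docker and Podman profiles.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
)

// Syscall name at line start, after an optional "[pid N]" or bare-PID prefix.
// Signal, exit and "<... x resumed>" lines never match this pattern.
var syscallRe = regexp.MustCompile(`(?m)^[ \t]*(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(`)

// SyscallsFromTrace returns the sorted, de-duplicated syscall names in a trace.
func SyscallsFromTrace(trace string) []string {
	seen := map[string]bool{}
	names := []string{}
	for _, m := range syscallRe.FindAllStringSubmatch(trace, -1) {
		if !seen[m[1]] {
			seen[m[1]] = true
			names = append(names, m[1])
		}
	}
	sort.Strings(names)
	return names
}

// GenerateProfile builds a deny-by-default profile that allows only traced calls.
func GenerateProfile(trace string) ([]byte, error) {
	allow := map[string]interface{}{"names": SyscallsFromTrace(trace), "action": "SCMP_ACT_ALLOW"}
	return json.MarshalIndent(map[string]interface{}{
		"defaultAction": "SCMP_ACT_ERRNO", // anything not listed is denied
		"syscalls":      []interface{}{allow},
	}, "", "  ")
}

// Constructed sample of strace -f output, not captured from a real container.
const sampleTrace = `execve("/bin/cat", ["cat", "/etc/hostname"], 0x7ffd) = 0
[pid   412] openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 3
[pid   412] read(3,  <unfinished ...>
[pid   412] <... read resumed>"web01\n", 131072) = 6
[pid   412] write(1, "web01\n", 6) = 6
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
+++ exited with 0 +++`

func main() {
	out, _ := GenerateProfile(sampleTrace)
	fmt.Println(string(out))
}
```

The resulting JSON can be passed to Podman with `--security-opt seccomp=<file>`. It allows only the calls seen in the trace, so the traced run has to exercise every code path the container needs.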


Metadata Update from @sumantrom:
- Issue tagged with: GSoC

6 years ago

listed on the ideas page - closing this

Metadata Update from @bex:
- Issue status updated to: Closed (was: Open)

6 years ago

@bex can you point me to the ideas page? I am rather new here and don't know where to look.

The page is here:
https://docs.fedoraproject.org/en-US/mentored-projects/gsoc/2019/ideas/
-- the site republishes automatically once an hour so give it time to
show up :) Refresh time is in the footer.

regards,

bex

On Wed, Feb 6, 2019 at 11:20 AM Valentin Rothberg pagure@pagure.io wrote:

@bex can you point me to the ideas page? I am rather new here and don't know where to look.


--
Brian (bex) Exelbierd | bexelbie@redhat.com | bex@pobox.com
Fedora Community Action & Impact Coordinator
@bexelbie | http://www.winglemeyer.org

You're welcome ... but credit to @Sumantro Mukherjee for doing the actual PR :)

On Wed, Feb 6, 2019 at 11:25 AM Valentin Rothberg pagure@pagure.io wrote:

Thanks a lot, bex!

