-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ptrace in bwrap #511
Comments
Please attach information to issue reports as text rather than videos, unless a video is the only way to show the information you're providing, so that maintainers aren't waiting for the video of your typing. I'm not going to watch a 16 minute video for your benefit. The most useful template for a bug report is:
#521 is an excellent example (even though its resolution was "this is working as designed" rather than a bug fix). |
Some general thoughts on things that might be going wrong for you: You seem to be using a seccomp filter of some sort to filter syscalls. ptrace is a syscall, so if you are trying to call ptrace inside the bwrap sandbox, your seccomp filter will need to allow it. Also, please familiarize yourself with the sections of the |
Hello everyone,
I'm working on a script that helps me to create bwrap profiles. The script collects all dependencies (files, folders, libraries), environment variables and syscalls from a given command.
There is third party software that collects private information, like Android Studio. So, I want to create profiles in a sandbox.
The problem is that strace does not work on bwrap. I tried with
CAP_SYS_ADMIN
andCAP_SYS_PTRACE
but I get:Here is a video of how the script works (if someone wants it, I will share the source code)
sandbox-av1.mp4
The text was updated successfully, but these errors were encountered: