Meta: Investigate Seccomp profiles on Linux
ADKaster opened this issue · 0 comments
ADKaster commented
We should look into how other browsers implement seccomp and other syscall-sandboxing measures for their different process classes.
We should be able to abstract this in a way that's similar to how SerenityOS/OpenBSD's pledge works, to not go crazy with massive syscall list files.
Ideally we would be able to sandbox the WebContent/WebWorker, RequestServer, ImageDecoder, and any future GPU process in a way that limits their privileges. Locking down at least the ability to create new IPC sockets and requiring those to come from the UI process would be a good first step.
We should also look into similar features for other operating systems.
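As an added illustration of the pledge-style idea above (example code, not from the issue author or the project), this C snippet wraps seccomp-bpf behind a promise bitmask: a process that lacks the hypothetical PROMISE_INET bit gets EPERM from socket() and socketpair(), so any IPC socket it uses has to arrive from the UI process over an already-open descriptor. The promise name, the syscall grouping, the 16-instruction buffer, and the x86_64/aarch64 architecture assumption are all mine.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __aarch64__
#define MY_ARCH AUDIT_ARCH_AARCH64
#else
#define MY_ARCH AUDIT_ARCH_X86_64 /* assumption: any other build host is x86_64 */
#endif
/* Hypothetical promise bit: without PROMISE_INET a process may not create sockets. */
enum { PROMISE_INET = 1u << 0 };
static const unsigned inet_syscalls[] = { SYS_socket, SYS_socketpair };
#define N_INET (sizeof inet_syscalls / sizeof inet_syscalls[0])
#define INSN(code, k, jt, jf) (struct sock_filter){ (code), (jt), (jf), (k) }
/* Emit seccomp-bpf: kill on a foreign ABI, EPERM for revoked syscalls, allow the rest. */
int build_filter(unsigned promises, struct sock_filter *out, size_t cap) {
    size_t n = 0;
    if (cap < 5 + 2 * N_INET) return 0;               /* caller's buffer too small */
    out[n++] = INSN(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch), 0, 0);
    out[n++] = INSN(BPF_JMP | BPF_JEQ | BPF_K, MY_ARCH, 1, 0);
    out[n++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS, 0, 0);
    out[n++] = INSN(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr), 0, 0);
    for (size_t i = 0; !(promises & PROMISE_INET) && i < N_INET; i++) {
        out[n++] = INSN(BPF_JMP | BPF_JEQ | BPF_K, inet_syscalls[i], 0, 1);
        out[n++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA), 0, 0);
    }
    out[n++] = INSN(BPF_RET | BPF_K, SECCOMP_RET_ALLOW, 0, 0);
    return (int)n;
}
/* Install the program for the calling process; NO_NEW_PRIVS is mandatory when unprivileged. */
int apply_promises(unsigned promises) {
    struct sock_filter insns[16];
    struct sock_fprog prog = { .len = (unsigned short)build_filter(promises, insns, 16), .filter = insns };
    if (prog.len == 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Probe in a forked child so the caller stays unfiltered: 1 if socket() got EPERM. */
int socket_refused_without_promise(void) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit(apply_promises(0) == 0 && socket(AF_UNIX, SOCK_STREAM, 0) < 0 && errno == EPERM ? 0 : 1);
    return pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

Because the filter is installed with SECCOMP_RET_ERRNO rather than a kill action, a process that forgets a promise fails loudly at the offending call instead of dying, which makes the deny list easy to tune per process class; the foreign-ABI check stays fatal on purpose.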