Syswall: a firewall for syscalls
polaris64.net
Sounds a little bit like OpenBSD's pledge - was that a source of inspiration?
Yes, partially, although I wanted to create a more interactive system for end-users to reason about software. I wouldn't recommend it (certainly not yet at least) for system security; tools like seccomp and pledge will do a better job there.
Nice work. Just read this :-)
sounds like https://en.wikipedia.org/wiki/Systrace#Features
more ... http://www.citi.umich.edu/u/provos/systrace/
it didn't work out then, but best wishes to the new generation
What do you mean by it didn't work? Not adopted or are there implementation issues?
Also - for the OP. Don't be discouraged, there are so many features to add: management, attribution, machine learning, etc.
There were some security issues in systrace. http://www.watson.org/~robert/2007woot/
You're right; I hadn't come across systrace before actually, but it's very similar to what syswall is trying to achieve. I'll be sure to take a look!
How is this different from seccomp?
seccomp is a robust way of restricting a process's syscalls so that it can only do what you allow it to.
syswall is more of an interactive tool (similar to systrace as mentioned in another comment). The goal is not to replace seccomp (it's certainly not meant to provide complete security), but rather to allow users to reason about what a process is actually doing. For example, allowing users to see if a new version does something different from the previous, perhaps meaning that malicious code was added unexpectedly.
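The version-to-version comparison described in the last comment, as an added example that is not syswall's code or part of the thread: it assumes each version's behaviour was recorded as strace-style text, and the traces, paths and address below are constructed sample data.

```python
import re

# Constructed strace-style traces of two versions of one program (sample data).
TRACE_V1 = """\
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
read(3, "key=value", 4096) = 9
close(3) = 0
"""
TRACE_V2 = """\
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
read(3, "key=value", 4096) = 9
close(3) = 0
openat(AT_FDCWD, "/home/user/.ssh/id_ed25519", O_RDONLY) = 4
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
"""

# name(args) = result, with an optional leading pid column (strace -f).
LINE_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+|\?)')
PATH_RE = re.compile(r'"([^"]*)"')
ADDR_RE = re.compile(r'inet_addr\("([^"]+)"\)')
PORT_RE = re.compile(r'htons\((\d+)\)')
PATH_CALLS = {"open", "openat", "execve", "unlink", "unlinkat"}

def profile(trace):
    """Map each syscall name to the set of paths or peers it was called with."""
    prof = {}
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # signals, exit markers, unfinished/resumed fragments
        name, args = m.group(1), m.group(2)
        seen = prof.setdefault(name, set())  # record the call even without arguments of interest
        if name in PATH_CALLS:
            path = PATH_RE.search(args)
            if path:
                seen.add(path.group(1))
        elif name == "connect":
            addr, port = ADDR_RE.search(args), PORT_RE.search(args)
            if addr:
                seen.add(f"{addr.group(1)}:{port.group(1) if port else '?'}")
    return prof

def diff(old, new):
    """Return (syscalls absent from old, {syscall: arguments absent from old})."""
    new_calls = sorted(set(new) - set(old))
    new_args = {n: sorted(d) for n in new if (d := new[n] - old.get(n, set()))}
    return new_calls, new_args

if __name__ == "__main__":
    print(diff(profile(TRACE_V1), profile(TRACE_V2)))
```

A non-empty result is a prompt to review what changed between releases, not proof of malicious code; legitimate updates add syscalls and files too.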