Hello tor-dev,
For the past two couple of weeks, stage 2 has ended [1], and stage 3 has begun [2].
Stage 2 didn't change by much, apart from a few change requests from nickm.
As part of stage 3, some important changes were made:
- the structures involving how a sandbox configuration is being managed has changed, in order to allow multiple configurations; the sandbox type now consists of the syscall array of no-parameter filters, and a list of parameter syscall configurations; now each parameter syscall is handled as a function pointer and a list of parameters which are used with the function pointer in order to initialise that particular filter; this all may sound over-complicated, but it's actually a quite intuitive non-hacky version of what was going on before.
- a filter was developed (it's actually unexpectedly short) for worker threads only, and it is currently working just as it should in the stage 3 public branch
- currently I have updated the general filter to include the prctl filter required to allow loading other seccomp filters, which is necessary for the purpose of stage 3; there is also an option for a general filter which disallows any further filters to be loaded, and I am currently working at loading this updated filter at an optimum location.
I am planning to continue working on stage 3 past the hard deadline for the GSOC project, but when university starts I will probably prioritise studies over this project.
It has been a pleasure working for the tor project, I will keep contributing (either sandboxing related or otherwise), and will make sure to keep in touch on IRC.