seccomp-nurse: secure sandbox on Linux


seccomp-nurse is a sandboxing framework based on SECCOMP. It is designed to run applications in a kind of jail (enforced by the kernel). It does not use ptrace() at all.


seccomp-nurse uses two processes: one runs the "untrusted code", the other is the helper, which acts as the referee between the untrusted process and the kernel.

[Figure: global architecture of seccomp-nurse, two threads and two processes]

Because a SECCOMP process can only call read(), write(), sigreturn() and _exit(), it cannot execute even the simplest binary. To work around this limitation, the untrusted process is split into two threads (called untrustee and trustee):

The helper is a Python application implementing access control: when the untrustee issues a syscall, the helper is notified and decides whether to deny it, delegate it to the trustee, or let the untrustee execute it itself (if the untrustee executes a syscall the kernel does not allow, the kernel kills it with SIGKILL).
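The kernel-side constraint described above, shown with a small added C program that is not part of seccomp-nurse: a forked child enters SECCOMP strict mode, which lets through only the four whitelisted syscalls, and the parent observes the SIGKILL the moment the child tries anything else. The names run_strict, well_behaved and misbehaved are assumptions of this example; it also handles the case where the kernel refuses strict mode because a seccomp filter is already installed on the process (common inside containers).

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returned when the kernel refuses strict mode (e.g. a BPF seccomp filter is already installed). */
#define STRICT_UNAVAILABLE (-2)
/* Fork a child, put it in SECCOMP strict mode and run fn() there. Whatever the child wrote
 * before exiting or being killed lands in out. Returns 0 on a clean exit, the number of the
 * signal that killed the child, STRICT_UNAVAILABLE, or -1 on error. */
static int run_strict(void (*fn)(int fd), char *out, size_t outlen)
{
    int p[2], st; ssize_t n; size_t used = 0;
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(p[0]);                          /* before strict mode: close() is not whitelisted */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) < 0)
            _exit(3);                         /* still unrestricted here, plain _exit() is fine */
        fn(p[1]);
        syscall(SYS_exit, 0);                 /* glibc _exit() uses exit_group, which strict mode kills */
    }
    close(p[1]);
    while (used < outlen - 1 && (n = read(p[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;                    /* EOF arrives when the child exits or is killed */
    out[used] = '\0';
    close(p[0]);
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st)) return WTERMSIG(st);
    if (WIFEXITED(st) && WEXITSTATUS(st) == 3) return STRICT_UNAVAILABLE;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Only write(): permitted, so the child exits cleanly. */
static void well_behaved(int fd) { write(fd, "hello", 5); }

/* getpid is outside {read, write, sigreturn, _exit}: SIGKILL lands at that syscall, the second write() never runs. */
static void misbehaved(int fd)
{
    write(fd, "before", 6);
    syscall(SYS_getpid);
    write(fd, "after", 5);
}
int main(void) { char b[64]; return run_strict(misbehaved, b, sizeof b) == SIGKILL ? 0 : 1; }
```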

How to use it?

  $ git clone git://
  $ cd seccomp-nurse/
  $ make
  $ ./sandbox -- /usr/bin/python

Easy, isn't it?


Here is a demonstration of seccomp-nurse running the Python interpreter in the sandbox. The purpose of this video is to show the ACL engine configured to restrict the open() syscall to whitelisted directories only (/secret obviously not being included). However, the access() ACL was configured to always return "OK", so /secret still appears accessible from the interpreter even though it cannot be opened.


Current limitations

At the moment, no security checks are implemented. The sandbox is wide open! Implementing them is the next step.




No release has been made yet but you can clone the development repository!


seccomp-nurse is free software available under the GNU General Public License, version 2! Sources are available on GitHub:


This work was funded by the European Commission under contract IST-FP6-033576 (through the XtreemOS project) and EADS Innovation Works.