Application Sandboxing>Making your own policies/profiles: Add crabsecco

[dngray]

Discussed in https://github.com/privacyguides/privacyguides.org/discussions/1364

^{Originally posted by rusty-snake May 31, 2022}
Name: crabsecco
Repository: https://codeberg.org/crabjail/crabsecco
Author: me _{(I also maintain the libseccomp-rs crate)}
Where?: Application Sandboxing > Making your own policies/profiles
Description: crabsecco makes it easier to write and compile seccomp-bpf filters (as used by bubblewrap's --seccomp/--add-seccomp-fd arguments). It acts as a compiler which compiles seccomp-filters defined in a toml file to bpf/pfc filters which can be used with tools like bubblewrap/for debugging. This makes makes writing seccomp-bpf filters because you don't need to write (C-)code.

[dngray]

Initially I was thinking of doing #1861, however for most purposes (sandboxing user applications), I think a guide on this makes a lot more sense than creating AppArmor/SELinux policies.

Particularly with the direction of things like Flatpak, etc.

[dngray]

@rusty-snake would you be interested in contributing a blog article on how to use this tool.

I have not used this tool.

I think it could take the form, of an example article demonstrating usage.

[rusty-snake]

Hi, just going through my github todo list. I've interest but unfortunately no time.

[dngray]

What I might do is an article sandboxing some example application, a bit like the hello world examples that Fedora does.