Open Source Summit + ELC Europe 2019

Filesystem (FS) sandboxing is a useful technique to protect sensitive data from untrusted binaries. However, existing approaches do not allow fine-grained control over policy enforcement (e.g., seccomp), require sudo privileges (e.g., SELinux), incur high performance overhead (e.g., ptrace, FUSE), or are prone to TOCTTOU bugs (e.g., syscall interposition).

We combine eBPF with WrapFS to provide a lightweight, fine-grained FS sandboxing framework called SandFS for unprivileged users and containers. It is a stackable kernel FS that can safely be extended at runtime from user space using eBPF framework to enforce custom security policies in the kernel and offer native performance.

Unprivileged users can use SandFS for protecting private files (e.g., ssh keys) while executing untrusted binaries (e.g., ML models). Web browsers can enforce custom access checks to protect private data from extensions. Containers can be hardened by mounting a separate sandboxing FS layer for each service.