Syd: An Introduction to Secure Application Sandboxing for Linux

Day 1 | 10:30 | 00:30 | UB4.132 | Ali Polatel


Note: I'm reworking this at the moment, some things won't work.

The stream isn't available yet! Check back at 10:30.

In this talk, I will introduce Syd, a GPL-3 licensed, rock-solid application kernel designed for sandboxing applications on Linux systems (version 5.19 and above). Over the past 16 years, Syd has evolved from a tool used within Exherbo Linux to detect package build mishaps into a robust security boundary for applications. The recent rewrite in Rust leverages modern Linux APIs such as seccomp-unotify(2), openat2(2), and pidfd_getfd(2) to eliminate time-of-check to time-of-use (TOCTTOU) vulnerabilities, which is essential for building a secure sandbox.

Syd aims to provide a simple interface over complex Linux sandboxing mechanisms -- including Landlock LSM, namespaces, ptrace(2), and seccomp-BPF/Notify -- which are often considered brittle and difficult to use. This approach is somewhat similar to OpenBSD's pledge(2) system call, offering a practical way to restrict application behavior. Unlike other sandboxing tools like Falco, Bubblewrap, Firejail, gVisor, and minijail, Syd operates without requiring extra privileges, SETUID binaries, or privileged kernel context. It adheres to the UNIX philosophy of doing one thing well with the least privilege necessary.

The presentation will cover Syd's key features:

  • Path Sandboxing: Controls filesystem access through various operations including read, write (with append-only paths and path masking), stat (aka path hiding), tmpfile creation, attribute changes, truncation, node creation, file creation, and deletion.
  • Execution Control: Implements exec sandboxing with SegvGuard, force sandboxing for verified execution, and Trusted Path Execution to enforce strict execution policies.
  • Network Sandboxing: Restricts network access, supporting UNIX, IPv4, IPv6, Netlink, and KCAPI sockets, along with application firewalls and IP blocklists.
  • Advanced Features: Includes lock sandboxing using Landlock LSM, proxy sandboxing with network namespace isolation (defaulting to TOR), memory and PID sandboxing as simpler alternatives to control groups, SafeSetID for secure UID/GID transitions, and Ghost mode for enhanced process isolation.

I will also discuss how Syd addresses common security challenges such as TOCTOU issues and side-channel attacks, aligning with a threat model similar to that of seccomp. Attendees will gain insights into the design and implementation of Syd, its practical applications in enhancing system security, and how it can be integrated into various environments -- including as a login shell -- to provide robust application isolation.