libc_service

Synopsis

local libc_service = require "libc_service"

Functions

new() → libc_service.master, libc_service.slave

Creates a new communication channel to proxy calls to libc. The master end receives requests for ambient authority resources. The slave end must be sent to a process where ambient authority has been disabled (e.g. by FreeBSD’s Capsicum) and libc functions have been overridden (e.g. through runtime loader or linker tricks[1]) to use the proxy.

libc_service is not a syscall firewall. It’s not a security feature that blocks access to system resources. It’s merely a compatibility tool that translates classic POSIX interfaces to run in a system designed around the capability-based security model (e.g. FreeBSD’s Capsicum).

This translation service is useful for reusing system libraries when it’s not feasible (nor desirable) to reimplement legacy code from scratch.
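
The proxying idea described above, as an added C sketch that is not Emilua's code or wire protocol: the end holding ambient authority performs open() for a restricted peer and hands back the descriptor over a Unix socket using SCM_RIGHTS. The names serve_one, proxied_open and demo_open and the message layout are assumptions made for illustration; on FreeBSD the slave side would run after cap_enter().

```c
/* Added sketch with a made-up wire format; this is not Emilua's protocol. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl_t;

/* Master end: keeps ambient authority and resolves one path per request. */
static void serve_one(int chan) {
    char path[256] = {0}; ctl_t u = {{0}};
    if (read(chan, path, sizeof path - 1) <= 0) return;
    int fd = open(path, O_RDONLY), err = fd < 0 ? errno : 0;
    /* Payload is 0 on success or the errno the slave should report. */
    struct msghdr msg = { .msg_iov = &(struct iovec){ &err, sizeof err }, .msg_iovlen = 1 };
    if (fd >= 0) {                               /* attach fd as SCM_RIGHTS */
        msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof fd); memcpy(CMSG_DATA(c), &fd, sizeof fd);
    }
    sendmsg(chan, &msg, 0);
    if (fd >= 0) close(fd);                      /* the receiver holds its own copy */
}

/* Slave end: what an overridden open() does instead of a path lookup. */
static int proxied_open(int chan, const char *path) {
    int err = 0, fd = -1; ctl_t u = {{0}};
    struct msghdr msg = { .msg_iov = &(struct iovec){ &err, sizeof err }, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (write(chan, path, strlen(path)) < 0) return -1;
    if (recvmsg(chan, &msg, 0) != (ssize_t)sizeof err) err = EIO;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (err || !c || c->cmsg_type != SCM_RIGHTS) { errno = err ? err : EIO; return -1; }
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Wire both ends: the child plays the master, the caller plays the slave. */
int demo_open(const char *path) {
    int sv[2]; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    if ((pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[1]); serve_one(sv[0]); _exit(0); }
    close(sv[0]);
    int fd = proxied_open(sv[1], path), saved = errno;
    close(sv[1]); waitpid(pid, NULL, 0); errno = saved;
    return fd;
}
```

The master in this sketch opens whatever path it is asked for, which matches the point that the proxy is a compatibility layer and not a filter.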


1. If your binary is linked against libemilua-libc-service then these tricks are already in place and ready to use. Nothing more to be done on your part.