Been running ClawSaw in my homelab for a few months now to monitor some internal services. Great tool, but I'm always a bit twitchy about giving any agent network access, even internally. The recent 2.1 release notes mentioned the agent now supports a `--seccomp` flag, so I had to take it for a spin.
The idea is to lock down the syscalls the agent can make. Out of the box, it needs a decent set, but we can probably trim it down. I started with the default profile the team provides. You can run it like this:
```bash
clawsaw-agent --seccomp ./seccomp-default.json
```
But the real fun is building your own. I used `strace` to watch what the agent actually did during a normal polling cycle and a config update. Found a few calls related to some network socket options I wasn't using. The profile is JSON and works by specifying `syscalls` to allow. Here's a snippet from my restrictive version where I dropped `accept4` and `shutdown` because my agent config doesn't open listening ports.
```json
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {
      "names": ["epoll_wait", "clock_gettime", "read", "write"],
      "action": "SCMP_ACT_ALLOW"
    },
    ... // rest of the allowed list
  ]
}
```
A word of caution: this broke my agent when I first tried it 😅. Denied a call to `prctl` it needed during startup. The log output was clear, though. Added it back in, and it came up clean. This is a fantastic step forward for containment. It's not a sandbox, but it's a solid layer to have, especially if you're deploying these on more sensitive boxes.
Has anyone else built a custom profile? Curious what syscalls you found you could block. I'm wondering if we can get it to work with `CLONE_NEWNET` or `CLONE_NEWUSER` next.
iptables -A INPUT -j DROP
That's really clever, using strace to see what it actually needs. I just started using ClawSaw on my Pi, so this is perfect timing for me to lock it down from day one.
When you built your custom profile, did you run into any issues with it rejecting a syscall you thought was safe? I'm worried I'll break the polling and not notice.
Oh, absolutely. My first custom profile killed the agent dead because I forgot `epoll_wait`. It's core to the event loop, but it doesn't show up on every trace run. My advice:
Don't just trace for a minute. You need to cover *all* operational states - startup, config reload, a full poll cycle, and even a failure like a network timeout. Pipe the strace output to a file and let it run for an entire polling interval.
Then, take the default JSON as your baseline and *subtract* syscalls you never saw, don't just build a list from your trace. The default is your safety net.
You'll notice it break fast if a syscall is blocked - logs will scream about it. The real risk is a latent, conditional syscall that only triggers on edge cases.
ship it or break it.
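Putting the first post's strace-driven approach and the subtract-from-the-default advice above into one script: the following is an added example, not code from the thread or from the ClawSaw project. It assumes `strace -f -o trace.txt` output (pid-prefixed lines, including `<... name resumed>` continuations) and a profile in the `defaultAction`/`syscalls`/`names`/`action` shape shown in the first post. The trace lines and the baseline profile are constructed sample data, not a real agent run or the real default profile.

```python
"""Trim a seccomp profile to the syscalls actually observed under strace.

Workflow this implements:
  1. parse strace output and collect every syscall name seen,
  2. start from the vendor default profile and *subtract* names never seen,
  3. report names that were seen but are not allowed by the baseline at all
     (with defaultAction SCMP_ACT_ERRNO those would fail at runtime, which is
     how the prctl-at-startup surprise in the first post shows up).
"""
import json
import re
from copy import deepcopy

# Constructed sample of "strace -f -o" output; not from a real ClawSaw run.
SAMPLE_TRACE = """\
1234  execve("/usr/local/bin/clawsaw-agent", ["clawsaw-agent"], 0x55 /* 20 vars */) = 0
1234  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
1234  epoll_wait(4, [{EPOLLIN, {u32=5}}], 64, 30000) = 1
1234  clock_gettime(CLOCK_MONOTONIC, {tv_sec=100, tv_nsec=5}) = 0
1235  read(5, "GET /health", 4096) = 11
1235  write(5, "ok", 2) = 2
1234  connect(6, {sa_family=AF_INET, sin_port=htons(8080)}, 16) = -1 EINPROGRESS (Operation now in progress)
1234  <... epoll_wait resumed>) = 1
1234  --- SIGALRM {si_signo=SIGALRM} ---
1234  +++ exited with 0 +++
"""

# Constructed stand-in for the vendor default profile (same shape as the post's JSON).
BASELINE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["epoll_wait", "clock_gettime", "read", "write", "execve"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["socket", "connect", "accept4", "shutdown"],
         "action": "SCMP_ACT_ALLOW"},
    ],
}

# "name(" at the start of a line, after an optional "1234  " or "[pid 1234] " prefix.
_CALL_RE = re.compile(r"^(?:\d+\s+|\[pid\s+\d+\]\s+)?([A-Za-z_][A-Za-z0-9_]*)\(")
# Continuation of a call that was interrupted by another thread: "<... name resumed>".
_RESUMED_RE = re.compile(r"<\.\.\. ([A-Za-z_][A-Za-z0-9_]*) resumed>")


def observed_syscalls(trace_text: str) -> set[str]:
    """Collect every syscall name that appears in strace output.

    Signal and exit lines ("--- SIG... ---", "+++ exited ... +++") match
    neither pattern and are ignored.
    """
    seen: set[str] = set()
    for line in trace_text.splitlines():
        match = _CALL_RE.match(line) or _RESUMED_RE.search(line)
        if match:
            seen.add(match.group(1))
    return seen


def trim_profile(baseline: dict, seen: set[str]) -> dict:
    """Return a copy of the baseline keeping only names that were observed.

    Rules whose name list becomes empty are dropped; the defaultAction and
    architectures are left exactly as the baseline had them.
    """
    trimmed = deepcopy(baseline)
    kept = []
    for rule in trimmed["syscalls"]:
        rule["names"] = sorted(name for name in rule["names"] if name in seen)
        if rule["names"]:
            kept.append(rule)
    trimmed["syscalls"] = kept
    return trimmed


def not_allowed_by(baseline: dict, seen: set[str]) -> set[str]:
    """Observed syscalls that no SCMP_ACT_ALLOW rule in the baseline covers."""
    allowed = {
        name
        for rule in baseline["syscalls"]
        if rule.get("action") == "SCMP_ACT_ALLOW"
        for name in rule["names"]
    }
    return seen - allowed


if __name__ == "__main__":
    seen = observed_syscalls(SAMPLE_TRACE)
    print(json.dumps(trim_profile(BASELINE, seen), indent=2))
    gaps = not_allowed_by(BASELINE, seen)
    if gaps:
        print("# seen in trace but not allowed by baseline:", ", ".join(sorted(gaps)))
```

To use it on a real run, replace `SAMPLE_TRACE` with the contents of a trace file that covers startup, a config reload, a full poll cycle and a forced timeout, as the reply above recommends; the script will only ever remove names from the baseline, never add them, so anything it lists as "not allowed by baseline" still has to be added by hand after deciding it is legitimate.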