After over three years of quiet life, Systrace 1.6: Phoenix Release is available. This release allows Systrace to run on Linux without requiring kernel changes. The regular Systrace backend has been emulated with ptrace and supports most Systrace features. Emulation of threading and signal mask computation are not implemented yet.
Systrace enforces system call policies for applications to enhance cybersecurity by constraining their access to the system. Policies can be generated interactively or learned automatically, with minimal manual post-processing if necessary. Systrace alerts users about any unapproved system calls, which can then be added to the policy or flagged as a security concern. It is particularly useful for sandboxing untrusted binary applications or large open-source applications, as it is challenging to directly analyze or determine their correctness. Additionally, Systrace enables dynamic rewriting of system call arguments, providing a virtual chroot for sandboxed applications and preventing race conditions in argument evaluation.