Changes

[http://mig.mozilla.org Mozilla InvestiGator (MIG)] is a digital forensics platform used by Mozilla to monitor the security of servers. MIG deploys an agent on systems that is used to maintain the security of the infrastructure. The agent currently runs as root in order to run investigation modules that have low-level access to the system. The goal of this project is to sandbox the MIG Agent on Linux in a way that allows each part to perform investigative work while having as little privileges as possible. The team will have to use the [https://en.wikipedia.org/wiki/Seccomp Linux Seccomp] mechanism, and the existing [https://chromium.googlesource.com/chromiumos/platform/go-seccomp/+/master Go library], to implement a sandbox in the Agent. If possible, the team will also evaluate sandboxing on MacOS and Windows.