Re: seccomp for 2.6.11-rc1-bk8

From: Rik van Riel
Date: Fri Jan 21 2005 - 13:41:53 EST

Next message: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Previous message: Tony Lindgren: "Re: [PATCH] dynamic tick patch"
In reply to: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 21 Jan 2005, Chris Wright wrote:

* Ingo Molnar (mingo@xxxxxxx) wrote:

why do you need any kernel code for this? This seems to be a limited
ptrace implementation: restricting untrusted userspace code to only be
able to exec read/write/sigreturn.

Only difference is in number of context switches, and number of running
processes (and perhaps ease of determining policy for which syscalls
are allowed). Although it's not really seccomp, it's just restricted
syscalls...

Yes, but do you care about the performance of syscalls
which the program isn't allowed to call at all ? ;)

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Previous message: Tony Lindgren: "Re: [PATCH] dynamic tick patch"
In reply to: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]