Re: seccomp for 2.6.11-rc4

From: Herbert Poetzl
Date: Wed Feb 16 2005 - 00:26:47 EST


On Tue, Feb 15, 2005 at 10:32:44AM +0100, Andrea Arcangeli wrote:
> Hello,
>
> This is the latest version against 2.6.11-rc4:
>
> http://www.kernel.org/pub/linux/kernel/people/andrea/patches/v2.6/2.6.11-rc4/seccomp
>
> I'd need it merged into mainline at some point, unless anybody has
> strong arguments against it. All I can guarantee here, is that I'll back
> it out myself in the future, iff Cpushare will fail and nobody else
> started using it in the meantime for similar security purposes.

hmm, just an idea, but have you thought about using
an indirect syscall table for your purposes?

current->syscall_table

and have a table for every 'mode' you want to use ...

or maybe have a 'mask' for every syscall (in a
separate table) which describes the allowed 'modes'

just because checking the syscall number in a loop
doesn't look very scalable to me ...

best,
Herbert

> Thanks.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
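
The per-syscall mask table suggested in the reply above, modelled in user-space C beside a linear allow-list scan. This is an added example, not code from the seccomp patch or from either poster; the syscall numbers, mode names and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy syscall numbers, not any real architecture's table. */
enum { NR_READ, NR_WRITE, NR_OPEN, NR_EXIT, NR_SIGRETURN, NR_MAX };
/* Hypothetical modes: bit n of a mask stands for mode n. */
enum { MODE_NONE, MODE_STRICT, MODE_COUNT };

/* Approach 1: per-mode allow list, scanned linearly (cost grows with the list). */
static const int strict_allowed[] = { NR_READ, NR_WRITE, NR_EXIT, NR_SIGRETURN, -1 };

int allowed_by_scan(unsigned mode, int nr)
{
    if (mode == MODE_NONE)
        return nr >= 0 && nr < NR_MAX;
    if (mode != MODE_STRICT)
        return 0;
    for (const int *p = strict_allowed; *p != -1; p++)
        if (*p == nr)
            return 1;
    return 0;
}

/* Approach 2: one mask per syscall naming the modes that may call it.
 * Entries left out are zero, so a newly added syscall is denied by default. */
#define M(m) (1u << (m))
static const uint8_t mode_mask[NR_MAX] = {
    [NR_READ]  = M(MODE_NONE) | M(MODE_STRICT), [NR_WRITE] = M(MODE_NONE) | M(MODE_STRICT),
    [NR_EXIT]  = M(MODE_NONE) | M(MODE_STRICT), [NR_SIGRETURN] = M(MODE_NONE) | M(MODE_STRICT),
    [NR_OPEN]  = M(MODE_NONE),
};

int allowed_by_mask(unsigned mode, int nr)
{
    /* Bounds-check before indexing: an unchecked nr would read outside the table. */
    if (nr < 0 || nr >= NR_MAX || mode >= MODE_COUNT)
        return 0;
    return (mode_mask[nr] >> mode) & 1u;   /* constant-time lookup */
}

/* Compare both checks over every mode and number, including out-of-range ones. */
int count_disagreements(void)
{
    int bad = 0;
    for (unsigned mode = 0; mode <= MODE_COUNT; mode++)
        for (int nr = -2; nr <= NR_MAX + 2; nr++)
            bad += allowed_by_scan(mode, nr) != allowed_by_mask(mode, nr);
    return bad;
}

int main(void) { printf("disagreements: %d\n", count_disagreements()); return 0; }
```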