Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system callfiltering

From: Frederic Weisbecker
Date: Thu Apr 28 2011 - 10:29:15 EST

Next message: Arnd Bergmann: "Re: [Linaro-mm-sig] [RFC] ARM DMA mapping TODO, v1"
Previous message: Wu Fengguang: "Re: [PATCH 00/12] IO-less dirty throttling v7"
In reply to: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Next in thread: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 27, 2011 at 10:08:47PM -0500, Will Drewry wrote:
> This change adds a new seccomp mode based on the work by
> agl@xxxxxxxxxxxxx This mode comes with a bitmask of NR_syscalls size and
> an optional linked list of seccomp_filter objects. When in mode 2, all

Since you now use the filters. Why not using them to filter syscalls
entirely rather than using a bitmap of allowed syscalls?

You have the "nr" field in syscall tracepoints.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: [Linaro-mm-sig] [RFC] ARM DMA mapping TODO, v1"
Previous message: Wu Fengguang: "Re: [PATCH 00/12] IO-less dirty throttling v7"
In reply to: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Next in thread: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]