Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF

From: H. Peter Anvin
Date: Thu Feb 16 2012 - 19:44:36 EST

Next message: Indan Zupancic: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Previous message: Benjamin Herrenschmidt: "Re: [PATCH V2 RESEND] fsl-sata: I/O load balancing"
In reply to: Andrew Lutomirski: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Next in thread: Eric Paris: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/16/2012 03:00 PM, Will Drewry wrote:

Without the addition of x32, it is still the intersection of
is_compat_task()/TS_COMPAT and CONFIG_64BIT for all arches to
determine if the call is 32-bit or 64-bit, but this will add another
wrinkle. Would it make sense to assume that system call namespaces
may be ever expanding and offer up an unsigned integer value?

This is definitely the most general solution.

By the way, although most processes only use one set of system calls, there are legitimate reasons for cross-mode tasks, and those probably have a high overlap with the ones that would benefit from this kind of filtering facility, e.g. pin.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Indan Zupancic: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Previous message: Benjamin Herrenschmidt: "Re: [PATCH V2 RESEND] fsl-sata: I/O load balancing"
In reply to: Andrew Lutomirski: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Next in thread: Eric Paris: "Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]