seccomp vs ptrace

From: Serge E. Hallyn
Date: Wed Mar 18 2015 - 17:30:14 EST

Next message: Linus Torvalds: "Re: PANIC: double fault, error_code: 0x0 in 4.0.0-rc3-2, kvm related?"
Previous message: Mike Snitzer: "Re: [PATCH v2 1/3] init: Export name_to_dev_t and mark it const"
Next in thread: Kees Cook: "Re: seccomp vs ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'm writing to ask about

The seccomp check will not be run again after the tracer is
notified. (This means that seccomp-based sandboxes MUST NOT
allow use of ptrace, even of other sandboxed processes, without
extreme care; ptracers can use this mechanism to escape.)

This basically means that seccomp cannot be safely used with for instance
an upstart based container. I've been told that Andy was working on
changing the order so that ptrace checks would be done before seccomp.
Is there any update on that? Is it likely to happen? Scrapped?

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: PANIC: double fault, error_code: 0x0 in 4.0.0-rc3-2, kvm related?"
Previous message: Mike Snitzer: "Re: [PATCH v2 1/3] init: Export name_to_dev_t and mark it const"
Next in thread: Kees Cook: "Re: seccomp vs ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]