Re: [PATCH v2 1/1] userfaultfd/sysctl: add vm.unprivileged_userfaultfd

From: Luis Chamberlain
Date: Thu Mar 21 2019 - 09:43:44 EST

Next message: Jarkko Sakkinen: "Re: [PATCH 0/6] security/keys/encrypted: Break module dependency chain"
Previous message: David Howells: "[PATCH] vfs: Convert coda to fs_context"
In reply to: Andrea Arcangeli: "Re: [PATCH v2 1/1] userfaultfd/sysctl: add vm.unprivileged_userfaultfd"
Next in thread: Andrea Arcangeli: "Re: [PATCH v2 1/1] userfaultfd/sysctl: add vm.unprivileged_userfaultfd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 20, 2019 at 03:01:12PM -0400, Andrea Arcangeli wrote:
> but
> that would be better be achieved through SECCOMP and not globally.'.

That begs the question why not use seccomp for this? What if everyone
decided to add a knob for all syscalls to do the same? For the commit
log, why is it OK then to justify a knob for this syscall?

Luis

Next message: Jarkko Sakkinen: "Re: [PATCH 0/6] security/keys/encrypted: Break module dependency chain"
Previous message: David Howells: "[PATCH] vfs: Convert coda to fs_context"
In reply to: Andrea Arcangeli: "Re: [PATCH v2 1/1] userfaultfd/sysctl: add vm.unprivileged_userfaultfd"
Next in thread: Andrea Arcangeli: "Re: [PATCH v2 1/1] userfaultfd/sysctl: add vm.unprivileged_userfaultfd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]