Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter

From: Christian Brauner
Date: Fri May 29 2020 - 04:00:16 EST

Next message: John Hubbard: "Re: [PATCH] staging: gasket: Convert get_user_pages*() --> pin_user_pages*()"
Previous message: Luis Chamberlain: "Re: [PATCH v5 5/7] blktrace: fix debugfs use after free"
In reply to: Kees Cook: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Next in thread: Christian Brauner: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 29, 2020 at 12:56:50AM -0700, Kees Cook wrote:
> On Fri, May 29, 2020 at 09:51:37AM +0200, Christian Brauner wrote:
> > Aside from this being not an issue now, can we please not dump seccomp
> > filter contents in proc. That sounds terrible and what's the rationale,
> > libseccomp already let's you dump filter contents while loading and you
> > could ptrace it. But maybe I'm missing a giant need for this...
>
> The use-case comes from Android wanting to audit seccomp filters at
> runtime. I think this is stalled until there is a good answer to "what
> are you going to audit for, and how, given raw BPF?"

Doing this in proc seems very suboptimal why isn't this simply an
extension to the seccomp syscall (passing in a struct with the target's
pid or pidfd for example) to identify the target? But yeah, if there's
no real audit strategy all of that seems weird.

Christian

Next message: John Hubbard: "Re: [PATCH] staging: gasket: Convert get_user_pages*() --> pin_user_pages*()"
Previous message: Luis Chamberlain: "Re: [PATCH v5 5/7] blktrace: fix debugfs use after free"
In reply to: Kees Cook: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Next in thread: Christian Brauner: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]