Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 02/16/2012 03:00 PM, Will Drewry wrote:
Without the addition of x32, it is still the intersection of is_compat_task()/TS_COMPAT and CONFIG_64BIT for all arches to determine if the call is 32-bit or 64-bit, but this will add another wrinkle. Would it make sense to assume that system call namespaces may be ever expanding and offer up an unsigned integer value?
This is definitely the most general solution.By the way, although most processes only use one set of system calls, there are legitimate reasons for cross-mode tasks, and those probably have a high overlap with the ones that would benefit from this kind of filtering facility, e.g. pin.
-hpa -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
[Site Home] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Linux FS] [Photo] [Yosemite] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]