Re: seccomp for 2.6.11-rc1-bk8

From: David Wagner
Date: Fri Jan 21 2005 - 14:01:54 EST

Next message: Stuart Brady: "[PATCH] include/linux/soundcard.h: AFMT_S16_NE macro"
Previous message: Pavel Machek: "Re: [PATCH] dynamic tick patch"
In reply to: Andrea Arcangeli: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chris Wright wrote:
>Only difference is in number of context switches, and number of running
>processes (and perhaps ease of determining policy for which syscalls
>are allowed). Although it's not really seccomp, it's just restricted
>syscalls...

There is a simple tweak to ptrace which fixes that: one could add an
API to specify a set of syscalls that ptrace should not trap on. To get
seccomp-like semantics, the user program could specify {read,write}, but
if the user program ever wants to change its policy, it could change that
set. Solaris /proc (which is what is used for tracing) has this feature.
I coded up such an extension to ptrace semantics a long time ago, and
it seemed to work fine for me, though of course I am not a ptrace expert.

I don't know whether ptrace + this tweak is a better idea than seccomp.
It is just another option out there that achieves similar functionality.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stuart Brady: "[PATCH] include/linux/soundcard.h: AFMT_S16_NE macro"
Previous message: Pavel Machek: "Re: [PATCH] dynamic tick patch"
In reply to: Andrea Arcangeli: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Chris Wright: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]