On Tuesday, June 10, 2014 11:40:09 PM Kees Cook wrote:
> Hi,
>
> I've been working upstream on adding an API for seccomp to gain the
> ability to synchronize all threads to the same seccomp filter.
> Originally this was a new prctl, but it was recommended to be a full
> syscall now. Anyway, I wanted to give a heads-up here for when this
> lands, in case anyone had thoughts or concerns on the current patch
> series on lkml starting at:
> https://lkml.org/lkml/2014/6/10/837

Hi Kees,

I apologize for not having the time to offer up any serious review or comment on the different threads. I see you posted v11 today, and I'm guessing that will be the final version?

In general the new seccomp() syscall looks fine to me, nothing too different from how we do things with prctl() now, just a new syscall. The thread sync ability is a nice new idea and something we will want to support with libseccomp in the future (toggle an attribute?) but we'll obviously have to wait until the code is merged into the kernel.

Regardless, thanks for your work on this upstream.

-Paul

--
paul moore
security and virtualization @ redhat

_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
