On Wed, Jul 16, 2014 at 9:00 PM, Paul Moore <[email protected]> wrote:
> On Tuesday, June 10, 2014 11:40:09 PM Kees Cook wrote:
>> Hi,
>>
>> I've been working upstream on adding an API for seccomp to gain the
>> ability to synchronize all threads to the same seccomp filter.
>> Originally this was a new prctl, but it was recommended to be a full
>> syscall now. Anyway, I wanted to give a heads-up here for when this
>> lands, in case anyone had thoughts or concerns on the current patch
>> series on lkml starting at:
>> https://lkml.org/lkml/2014/6/10/837
>
> Hi Kees,
>
> I apologize for not having the time to offer up any serious review or comment
> on the different threads.

No worries at all! Most of the review has been with making sure I've
actually got locking done correctly. :)

> I see you posted v11 today, and I'm guessing that
> will be the final version?

I've got my fingers crossed!

> In general the new seccomp() syscall looks fine to me, nothing too different
> from how we do things with prctl() now, just a new syscall. The thread sync
> ability is a nice new idea and something we will want to support with
> libseccomp in the future (toggle an attribute?) but we'll obviously have to
> wait until the code is merged into the kernel.

Certainly. It seems like moving to the syscall by default with prctl
as fallback, maybe? I'm not sure how you'll want to expose the
thread-sync feature.

> Regardless, thanks for your work on this upstream.

You bet! Thanks for libseccomp! :)

-Kees

--
Kees Cook
Chrome OS Security

_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
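
The "syscall by default with prctl as fallback" idea discussed in the message above, as an added example that is not part of the original thread and is not libseccomp code. It assumes the interface as it exists in mainline Linux since 3.17 (seccomp(2) with SECCOMP_FILTER_FLAG_TSYNC); the helper names install_filter and install_allow_all are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Hypothetical helper. Returns 1 if the filter was applied to every thread
 * via seccomp() + TSYNC, 0 if only the calling thread got it through the
 * prctl() fallback, -1 on error (errno set). */
int install_filter(const struct sock_fprog *prog)
{
    /* Needed so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
#if defined(__NR_seccomp) && defined(SECCOMP_FILTER_FLAG_TSYNC)
    long rc = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                      SECCOMP_FILTER_FLAG_TSYNC, prog);
    if (rc == 0)
        return 1;
    if (rc > 0) {
        /* TSYNC failed: rc is the TID of a thread that could not be
         * synchronized, and no filter was installed anywhere. */
        errno = EBUSY; /* errno value is this example's own convention */
        return -1;
    }
    if (errno != ENOSYS)
        return -1; /* real failure: do not silently downgrade */
#endif
    /* Kernel without seccomp(): only the calling thread is filtered. */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog) != 0)
        return -1;
    return 0;
}

/* Constructed sample: an allow-everything filter, so the demo is harmless. */
int install_allow_all(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(insns) / sizeof(insns[0])),
        .filter = insns,
    };
    return install_filter(&prog);
}
```

A caller that gets 0 back has to treat already-running threads as unfiltered, which is the gap the thread-sync flag closes.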
