On Fri, May 27, 2016 at 1:14 PM, Andy Lutomirski <l...@amacapital.net> wrote:
> On Fri, May 27, 2016 at 12:52 PM, Andy Lutomirski <l...@amacapital.net> wrote:
>>> Right, I know, it's aesthetically much nicer that way, but I really
>>> want to stay totally paranoid and keep seccomp absolutely first on the
>>> path.
>>>
>>> How about this: we'll use this patch as-is for now, since I'd like to
>>> be able to start getting feedback from the container-using folks ASAP,
>>> and then we can redesign the 2-phase system going forward from there.
>>>
>>
>> I think I'd rather change the ABI as few times as possible. On the
>> other hand, it's still early, and I see nothing wrong with adding it
>> to -next.
>
> To get the ball rolling:
>
> https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/log/?h=seccomp
>
> It's incomplete, but it should be straightforward to finish it. The
> only interesting bit is dealing with SECCOMP_RET_TRACE.
I did a bit more from there (though it needs further cleanup; I see my
"const" fixes landed in the wrong patch). This passes my tests on x86; the
other architectures need reordering and testing:

http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=seccomp/reorder-ptrace

-Kees

--
Kees Cook
Chrome OS & Brillo Security