On Tue, Feb 15, 2005 at 10:32:44AM +0100, Andrea Arcangeli wrote: > Hello, > > This is the latest version against 2.6.11-rc4: > > > http://www.kernel.org/pub/linux/kernel/people/andrea/patches/v2.6/2.6.11-rc4/seccomp > > I'd need it merged into mainline at some point, unless anybody has > strong arguments against it. All I can guarantee here, is that I'll back > it out myself in the future, iff Cpushare will fail and nobody else > started using it in the meantime for similar security purposes.
hmm, just an idea, but have you thought about using an indirect syscall table for your purposes? current->syscall_table and have a table for every 'mode' you want to use ... or maybe have a 'mask' for every syscall (in a separate table) which describes the allowed 'modes' just because checking the syscall number in a loop doesn't look very scaleable to me ... best, Herbert > Thanks. > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
