Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-26 Thread Christian Brauner
On Mon, May 25, 2020 at 11:59:18PM -0700, Sargun Dhillon wrote: > On Mon, May 25, 2020 at 6:50 AM Christian Brauner > wrote: > > > > On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > > > This adds a seccomp notifier ioctl which allows for the listener to "add" > > > file

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-26 Thread Sargun Dhillon
On Mon, May 25, 2020 at 6:50 AM Christian Brauner wrote: > > On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > > This adds a seccomp notifier ioctl which allows for the listener to "add" > > file descriptors to a process which originated a seccomp user > > notification. This

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-25 Thread Christian Brauner
On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > This adds a seccomp notifier ioctl which allows for the listener to "add" > file descriptors to a process which originated a seccomp user > notification. This allows calls like mount, and mknod to be "implemented", > as the return

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Al Viro
On Sun, May 24, 2020 at 05:27:58PM -0700, Sargun Dhillon wrote: > > if (addfd->fd >= 0) { > > ret = replace_fd(addfd->fd, addfd->file, addfd->flags); > > } else { > > ret = get_unused_fd_flags(addfd->flags); > > if (ret >= 0) > >

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Sargun Dhillon
On Sun, May 24, 2020 at 5:05 PM Al Viro wrote: > > On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > > Bad refcounting rules. *IF* we go with anything of that sort (and I'm not > convinced that the entire series makes sense), it's better to have more > uniform rules re reference

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Al Viro
On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > +static void seccomp_handle_addfd(struct seccomp_kaddfd *addfd) > +{ > + int ret; > + > + /* > + * Remove the notification, and reset the list pointers, indicating > + * that it has been handled. > + */ > +

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Tycho Andersen
On Sun, May 24, 2020 at 05:57:32PM -0600, Tycho Andersen wrote: > On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > > +static void seccomp_handle_addfd(struct seccomp_kaddfd *addfd) > > +{ > > + int ret; > > + > > + /* > > +* Remove the notification, and reset the list

Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Tycho Andersen
On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote: > +static void seccomp_handle_addfd(struct seccomp_kaddfd *addfd) > +{ > + int ret; > + > + /* > + * Remove the notification, and reset the list pointers, indicating > + * that it has been handled. > + */ > +

[PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

2020-05-24 Thread Sargun Dhillon
This adds a seccomp notifier ioctl which allows for the listener to "add" file descriptors to a process which originated a seccomp user notification. This allows calls like mount, and mknod to be "implemented", as the return value, and the arguments are data in memory. On the other hand, calls