On Mon, Sep 14, 2015 at 06:48:43PM +0200, Daniel Borkmann wrote:
> On 09/14/2015 06:00 PM, Tycho Andersen wrote:
> >On Fri, Sep 11, 2015 at 08:28:19PM +0200, Daniel Borkmann wrote:
> >>I think due to the given insns restrictions on classic seccomp, this
> >>could work for "most cases" (see below) f
On 09/14/2015 06:00 PM, Tycho Andersen wrote:
On Fri, Sep 11, 2015 at 08:28:19PM +0200, Daniel Borkmann wrote:
I think due to the given insns restrictions on classic seccomp, this
could work for "most cases" (see below) for the time being until pointer
sanitation is resolved and that seccomp-onl
Hi Daniel,
On Fri, Sep 11, 2015 at 08:28:19PM +0200, Daniel Borkmann wrote:
> I think due to the given insns restrictions on classic seccomp, this
> could work for "most cases" (see below) for the time being until pointer
> sanitation is resolved and that seccomp-only restriction from the dump
> c
On 09/11/2015 07:33 PM, Tycho Andersen wrote:
On Fri, Sep 11, 2015 at 06:03:59PM +0200, Daniel Borkmann wrote:
On 09/11/2015 04:44 PM, Tycho Andersen wrote:
On Fri, Sep 11, 2015 at 03:02:36PM +0200, Daniel Borkmann wrote:
On 09/11/2015 02:20 AM, Tycho Andersen wrote:
In the next patch, we're
On Fri, Sep 11, 2015 at 06:03:59PM +0200, Daniel Borkmann wrote:
> On 09/11/2015 04:44 PM, Tycho Andersen wrote:
> >On Fri, Sep 11, 2015 at 03:02:36PM +0200, Daniel Borkmann wrote:
> >>On 09/11/2015 02:20 AM, Tycho Andersen wrote:
> >>>In the next patch, we're going to add a way to access the under
On 09/11/2015 04:44 PM, Tycho Andersen wrote:
On Fri, Sep 11, 2015 at 03:02:36PM +0200, Daniel Borkmann wrote:
On 09/11/2015 02:20 AM, Tycho Andersen wrote:
In the next patch, we're going to add a way to access the underlying
filters via bpf fds. This means that we need to ref-count both the
st
On Fri, Sep 11, 2015 at 03:02:36PM +0200, Daniel Borkmann wrote:
> On 09/11/2015 02:20 AM, Tycho Andersen wrote:
> >In the next patch, we're going to add a way to access the underlying
> >filters via bpf fds. This means that we need to ref-count both the
> >struct seccomp_filter objects and the str
On 09/11/2015 02:20 AM, Tycho Andersen wrote:
In the next patch, we're going to add a way to access the underlying
filters via bpf fds. This means that we need to ref-count both the
struct seccomp_filter objects and the struct bpf_prog objects separately,
in case a process dies but a filter is st
In the next patch, we're going to add a way to access the underlying
filters via bpf fds. This means that we need to ref-count both the
struct seccomp_filter objects and the struct bpf_prog objects separately,
in case a process dies but a filter is still referred to by another
process.
Additionall
9 matches
Mail list logo
