Re: [PATCH v2 5/5] seccomp: add a way to attach a filter via eBPF fd

2015-09-11 Thread Tycho Andersen
On Fri, Sep 11, 2015 at 02:37:59PM +0200, Daniel Borkmann wrote: > On 09/11/2015 02:21 AM, Tycho Andersen wrote: > >This is the final bit needed to support seccomp filters created via the bpf > >syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF, > >which takes exactly one com

Re: [PATCH v2 5/5] seccomp: add a way to attach a filter via eBPF fd

2015-09-11 Thread Daniel Borkmann
On 09/11/2015 02:21 AM, Tycho Andersen wrote: This is the final bit needed to support seccomp filters created via the bpf syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF, which takes exactly one command (presumably to be expanded upon later when seccomp EBPFs support more

Re: [PATCH v2 5/5] seccomp: add a way to attach a filter via eBPF fd

2015-09-11 Thread Michael Kerrisk (man-pages)
On 11 September 2015 at 02:21, Tycho Andersen wrote: > This is the final bit needed to support seccomp filters created via the bpf > syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF, > which takes exactly one command (presumably to be expanded upon later when > seccomp EBPF

[PATCH v2 5/5] seccomp: add a way to attach a filter via eBPF fd

2015-09-10 Thread Tycho Andersen
This is the final bit needed to support seccomp filters created via the bpf syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF, which takes exactly one command (presumably to be expanded upon later when seccomp EBPFs support more interesting things) and an argument struct simi