Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-20 Thread Tycho Andersen
On Thu, Jun 14, 2018 at 02:55:03PM -0700, Matthew Helsley wrote: > > + /* > > +* Notification states. When SECCOMP_RET_USER_NOTIF is returned, a > > +* struct seccomp_knotif is created and starts out in INIT. Once > > the > > +* handler reads the notification off of an

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-20 Thread Tycho Andersen
Hi Eric, On Thu, Jun 14, 2018 at 04:53:51PM -0500, Eric W. Biederman wrote: > >> static void seccomp_do_user_notification(...) > >> { > >> ... > >> n.pid = get_task_pid(current, PIDTYPE_PID); > >> ... > >> remove_list: > >> list_del(&n.list); > >> put_pid(n.pid); > >> ... >

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-19 Thread Tobin C. Harding
A few other piddly suggestions. On Thu, May 31, 2018 at 08:49:46AM -0600, Tycho Andersen wrote: > This patch introduces a means for syscalls matched in seccomp to notify > some other task that a particular filter has been triggered. > > The motivation for this is primarily for use with containers

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-19 Thread Tobin C. Harding
On Thu, May 31, 2018 at 08:49:46AM -0600, Tycho Andersen wrote: > This patch introduces a means for syscalls matched in seccomp to notify > some other task that a particular filter has been triggered. > > The motivation for this is primarily for use with containers. For example, > if a container d

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-14 Thread Eric W. Biederman
Tycho Andersen writes: > On Thu, Jun 14, 2018 at 12:44:21PM -0700, Matthew Helsley wrote: >> On Tue, Jun 12, 2018 at 4:16 PM, Tycho Andersen wrote: >> >> > Hi Matthew, >> > >> > On Tue, Jun 12, 2018 at 02:39:03PM -0700, Matthew Helsley wrote: >> > > On Thu, May 31, 2018 at 7:49 AM, Tycho Anders

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-14 Thread Tycho Andersen
On Thu, Jun 14, 2018 at 12:44:21PM -0700, Matthew Helsley wrote: > On Tue, Jun 12, 2018 at 4:16 PM, Tycho Andersen wrote: > > > Hi Matthew, > > > > On Tue, Jun 12, 2018 at 02:39:03PM -0700, Matthew Helsley wrote: > > > On Thu, May 31, 2018 at 7:49 AM, Tycho Andersen wrote: > > > > > > > > > > >

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-13 Thread Jann Horn
On Wed, Jun 13, 2018 at 5:32 PM Jann Horn wrote: > > On Mon, Jun 4, 2018 at 2:18 AM Tycho Andersen wrote: > > > > Hi Jann, > > > > On Sun, Jun 03, 2018 at 08:41:01PM +0200, Jann Horn wrote: > > > On Sun, Jun 3, 2018 at 2:29 PM Tycho Andersen wrote: > > > > > > > > This patch introduces a means f

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-13 Thread Jann Horn
On Mon, Jun 4, 2018 at 2:18 AM Tycho Andersen wrote: > > Hi Jann, > > On Sun, Jun 03, 2018 at 08:41:01PM +0200, Jann Horn wrote: > > On Sun, Jun 3, 2018 at 2:29 PM Tycho Andersen wrote: > > > > > > This patch introduces a means for syscalls matched in seccomp to notify > > > some other task that

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-12 Thread Tycho Andersen
Hi Matthew, On Tue, Jun 12, 2018 at 02:39:03PM -0700, Matthew Helsley wrote: > On Thu, May 31, 2018 at 7:49 AM, Tycho Andersen wrote: > > > > > > +struct seccomp_notif { > > + __u64 id; > > + pid_t pid; > > + struct seccomp_data data; > > +}; > > > > Since it's part of the

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-03 Thread Tycho Andersen
Hi Jann, On Sun, Jun 03, 2018 at 08:41:01PM +0200, Jann Horn wrote: > On Sun, Jun 3, 2018 at 2:29 PM Tycho Andersen wrote: > > > > This patch introduces a means for syscalls matched in seccomp to notify > > some other task that a particular filter has been triggered. > > > > The motivation for th

Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-06-03 Thread Jann Horn
On Sun, Jun 3, 2018 at 2:29 PM Tycho Andersen wrote: > > This patch introduces a means for syscalls matched in seccomp to notify > some other task that a particular filter has been triggered. > > The motivation for this is primarily for use with containers. For example, > if a container does an in

[PATCH v3 1/4] seccomp: add a return code to trap to userspace

2018-05-31 Thread Tycho Andersen
This patch introduces a means for syscalls matched in seccomp to notify some other task that a particular filter has been triggered. The motivation for this is primarily for use with containers. For example, if a container does an init_module(), we obviously don't want to load this untrusted code,