Re: [net-next v3 0/2] eBPF seccomp filters

2018-03-01 Thread Sargun Dhillon
On Thu, Mar 1, 2018 at 1:59 PM, Andy Lutomirski wrote: > On Thu, Mar 1, 2018 at 9:51 PM, Sargun Dhillon wrote: >> On Thu, Mar 1, 2018 at 9:44 AM, Andy Lutomirski wrote: >>> On Wed, Feb 28, 2018 at 7:56 PM, Daniel Borkmann >>> wrote: On 02/28/2018 12:55 AM, chris hyser wrote: >> On 02/

Re: [net-next v3 0/2] eBPF seccomp filters

2018-03-01 Thread Andy Lutomirski
On Thu, Mar 1, 2018 at 9:51 PM, Sargun Dhillon wrote: > On Thu, Mar 1, 2018 at 9:44 AM, Andy Lutomirski wrote: >> On Wed, Feb 28, 2018 at 7:56 PM, Daniel Borkmann >> wrote: >>> On 02/28/2018 12:55 AM, chris hyser wrote: > On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59

Re: [net-next v3 0/2] eBPF seccomp filters

2018-03-01 Thread Daniel Borkmann
On 03/01/2018 06:44 PM, Andy Lutomirski wrote: > On Wed, Feb 28, 2018 at 7:56 PM, Daniel Borkmann wrote: >> On 02/28/2018 12:55 AM, chris hyser wrote: On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59 PM, chris hyser wrote: >> On 02/27/2018 11:00 AM, Kees Cook wr

Re: [net-next v3 0/2] eBPF seccomp filters

2018-03-01 Thread Sargun Dhillon
On Thu, Mar 1, 2018 at 9:44 AM, Andy Lutomirski wrote: > On Wed, Feb 28, 2018 at 7:56 PM, Daniel Borkmann wrote: >> On 02/28/2018 12:55 AM, chris hyser wrote: On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59 PM, chris hyser wrote: >> On 02/27/2018 11:00 AM, Kee

Re: [net-next v3 0/2] eBPF seccomp filters

2018-03-01 Thread Andy Lutomirski
On Wed, Feb 28, 2018 at 7:56 PM, Daniel Borkmann wrote: > On 02/28/2018 12:55 AM, chris hyser wrote: >>> On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59 PM, >>> chris hyser wrote: > On 02/27/2018 11:00 AM, Kees Cook wrote: >> On Tue, Feb 27, 2018 at 6:53 AM, chris hy

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-28 Thread chris hyser
On 02/28/2018 02:56 PM, Daniel Borkmann wrote: On 02/28/2018 12:55 AM, chris hyser wrote: If you're implying that because seccomp would have its own verifier and could therefore restrict itself to a subset of eBPF, therefore any future additions/features to eBPF would not necessarily make sec

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-28 Thread Daniel Borkmann
On 02/28/2018 12:55 AM, chris hyser wrote: >> On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59 PM, >> chris hyser wrote: On 02/27/2018 11:00 AM, Kees Cook wrote: > On Tue, Feb 27, 2018 at 6:53 AM, chris hyser > wrote: >> On 02/26/2018 11:38 PM, Kees Cook wro

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread chris hyser
On 02/27/2018 04:58 PM, Daniel Borkmann wrote: >> On 02/27/2018 05:59 PM, chris hyser wrote: On 02/27/2018 11:00 AM, Kees Cook wrote: On Tue, Feb 27, 2018 at 6:53 AM, chris hyser wrote: On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: 3. Str

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Andy Lutomirski
On Tue, Feb 27, 2018 at 11:10 PM, Mickaël Salaün wrote: > > On 27/02/2018 05:54, Andy Lutomirski wrote: >> >> >>> On Feb 26, 2018, at 8:38 PM, Kees Cook wrote: >>> >>> On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski >>> wrote: > On Feb 26, 2018, at 3:20 PM, Kees Cook wrote: > > On

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Mickaël Salaün
On 27/02/2018 05:54, Andy Lutomirski wrote: > > >> On Feb 26, 2018, at 8:38 PM, Kees Cook wrote: >> >> On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: On Feb 26, 2018, at 3:20 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov wrote: >> O

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread chris hyser
On 02/27/2018 04:58 PM, Daniel Borkmann wrote: On 02/27/2018 05:59 PM, chris hyser wrote: On 02/27/2018 11:00 AM, Kees Cook wrote: On Tue, Feb 27, 2018 at 6:53 AM, chris hyser wrote: On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: 3. Straig

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Daniel Borkmann
On 02/27/2018 05:59 PM, chris hyser wrote: > On 02/27/2018 11:00 AM, Kees Cook wrote: >> On Tue, Feb 27, 2018 at 6:53 AM, chris hyser wrote: >>> On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: > > 3. Straight-up bugs.  Those are e

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread chris hyser
On 02/27/2018 02:19 PM, Kees Cook wrote: On Tue, Feb 27, 2018 at 8:59 AM, chris hyser wrote: I will try to find that discussion. As someone pointed out here though, eBPF A good starting point might be this: https://lwn.net/Articles/441232/ Thanks. A fair amount of reading referenced there :

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Kees Cook
On Tue, Feb 27, 2018 at 8:59 AM, chris hyser wrote: > On 02/27/2018 11:00 AM, Kees Cook wrote: >> >> On Tue, Feb 27, 2018 at 6:53 AM, chris hyser >> wrote: >>> >>> On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: > > >>>

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread chris hyser
On 02/27/2018 11:00 AM, Kees Cook wrote: On Tue, Feb 27, 2018 at 6:53 AM, chris hyser wrote: On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: 3. Straight-up bugs. Those are exactly as problematic as verifier bugs in any other unprivileged eB

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Kees Cook
On Tue, Feb 27, 2018 at 6:53 AM, chris hyser wrote: > On 02/26/2018 11:38 PM, Kees Cook wrote: >> >> On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski >> wrote: >>> >>> 3. Straight-up bugs. Those are exactly as problematic as verifier >>> bugs in any other unprivileged eBPF program type, right?

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread chris hyser
On 02/26/2018 11:38 PM, Kees Cook wrote: On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: 3. Straight-up bugs. Those are exactly as problematic as verifier bugs in any other unprivileged eBPF program type, right? I don't see why seccomp is special here. My concern is more about unint

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-27 Thread Daniel Borkmann
On 02/27/2018 01:01 AM, Sargun Dhillon wrote: > On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov > wrote: >> On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: >>> This patchset enables seccomp filters to be written in eBPF. Although, this >>> patchset doesn't introduce much of the

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Andy Lutomirski
> On Feb 26, 2018, at 8:38 PM, Kees Cook wrote: > > On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: >>> On Feb 26, 2018, at 3:20 PM, Kees Cook wrote: >>> >>> On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov >>> wrote: > On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Kees Cook
On Mon, Feb 26, 2018 at 8:19 PM, Andy Lutomirski wrote: >> On Feb 26, 2018, at 3:20 PM, Kees Cook wrote: >> >> On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov >> wrote: On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: This patchset enables seccomp filters to be writt

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Andy Lutomirski
> On Feb 26, 2018, at 3:20 PM, Kees Cook wrote: > > On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov > wrote: >>> On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: >>> This patchset enables seccomp filters to be written in eBPF. Although, this >>> [...] >> The main statement I wa

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Tycho Andersen
On Mon, Feb 26, 2018 at 07:46:19PM -0800, Sargun Dhillon wrote: > On Mon, Feb 26, 2018 at 5:01 PM, Tycho Andersen wrote: > > On Mon, Feb 26, 2018 at 03:20:15PM -0800, Kees Cook wrote: > >> On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov > >> wrote: > >> > On Mon, Feb 26, 2018 at 07:26:54AM +0

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Sargun Dhillon
On Mon, Feb 26, 2018 at 5:01 PM, Tycho Andersen wrote: > On Mon, Feb 26, 2018 at 03:20:15PM -0800, Kees Cook wrote: >> On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov >> wrote: >> > On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: >> >> This patchset enables seccomp filters to

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Tycho Andersen
On Mon, Feb 26, 2018 at 03:20:15PM -0800, Kees Cook wrote: > On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov > wrote: > > On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: > >> This patchset enables seccomp filters to be written in eBPF. Although, this > >> [...] > > The main sta

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Sargun Dhillon
On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov wrote: > On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: >> This patchset enables seccomp filters to be written in eBPF. Although, this >> patchset doesn't introduce much of the functionality enabled by eBPF, it lays >> the ground

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Kees Cook
On Mon, Feb 26, 2018 at 3:04 PM, Alexei Starovoitov wrote: > On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: >> This patchset enables seccomp filters to be written in eBPF. Although, this >> [...] > The main statement I want to hear from seccomp maintainers before > proceeding any

Re: [net-next v3 0/2] eBPF seccomp filters

2018-02-26 Thread Alexei Starovoitov
On Mon, Feb 26, 2018 at 07:26:54AM +, Sargun Dhillon wrote: > This patchset enables seccomp filters to be written in eBPF. Although, this > patchset doesn't introduce much of the functionality enabled by eBPF, it lays > the ground work for it. Currently, you have to disable CHECKPOINT_RESTORE >

[net-next v3 0/2] eBPF seccomp filters

2018-02-25 Thread Sargun Dhillon
This patchset enables seccomp filters to be written in eBPF. Although, this patchset doesn't introduce much of the functionality enabled by eBPF, it lays the ground work for it. Currently, you have to disable CHECKPOINT_RESTORE support in order to utilize eBPF seccomp filters, as eBPF filters canno