From: Tyler Hicks
Subject: Re: [PATCH v3 1/4] seccomp: Add sysctl to display available actions
Date: Thu, 16 Feb 2017 12:47:05 -0600
To: Andy Lutomirski
Cc: Paul Moore, Eric Paris, Kees Cook, Will Drewry, linux-audit@redhat.com, "linux-kernel@vger.kernel.org", John Crispin
References: <1487043928-5982-1-git-send-email-tyhicks@canonical.com> <1487043928-5982-2-git-send-email-tyhicks@canonical.com>
List-Id: linux-audit@redhat.com

On 02/15/2017 09:14 PM, Andy Lutomirski wrote:
> On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks wrote:
>> This patch creates a read-only sysctl containing an ordered list of
>> seccomp actions that the kernel supports. The ordering, from left to
>> right, is the lowest action value (kill) to the highest action value
>> (allow). Currently, a read of the sysctl file would return "kill trap
>> errno trace allow". The contents of this sysctl file can be useful for
>> userspace code as well as the system administrator.
>
> Would this make more sense as a new seccomp(2) mode a la
> SECCOMP_HAS_ACTION? Then sandboxy things that have no fs access could
> use it.
>

It would make sense for code that needs to check which actions are
available. It wouldn't make sense for administrators that need to check
which actions are available unless libseccomp provided a wrapper utility.

Is this a theoretical concern or do you know of a sandboxed piece of
code that cannot access the sysctl before constructing a seccomp filter?

Tyler
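
An added example, not part of the original message or the patch: C code showing how userspace could consume the list format given in the quoted patch description before building a filter, matching whole tokens and reporting each action's position in the ordering. The sysctl path is not stated in this message, so the caller supplies it; the function names and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the contents the patch description says a read returns. */
static const char SAMPLE_ACTIONS[] = "kill trap errno trace allow\n";

/* Return the 0-based position of `name` in the whitespace-separated `list`
 * (lowest action value first), or -1 if absent. Whole-token match only. */
int action_rank(const char *list, const char *name)
{
    size_t want = strlen(name);
    int rank = 0;
    for (;;) {
        list += strspn(list, " \t\n");          /* skip separators */
        size_t len = strcspn(list, " \t\n");    /* length of next token */
        if (len == 0)
            return -1;                          /* end of list, no match */
        if (len == want && memcmp(list, name, len) == 0)
            return rank;
        list += len;
        rank++;
    }
}

/* Read the sysctl file at `path` into `buf` as a NUL-terminated string.
 * Returns 0 on success, -1 if it cannot be opened (kernel without the
 * sysctl, or a sandbox with no filesystem access). */
int read_actions(const char *path, char *buf, size_t buflen)
{
    FILE *f;
    size_t n;
    if (buflen == 0 || (f = fopen(path, "r")) == NULL)
        return -1;
    n = fread(buf, 1, buflen - 1, f);
    fclose(f);
    buf[n] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char buf[256];
    const char *list = SAMPLE_ACTIONS;
    /* Assumption: caller passes the sysctl path as argv[1]; else use the sample. */
    if (argc > 1 && read_actions(argv[1], buf, sizeof buf) == 0)
        list = buf;
    printf("trace: %d, bogus: %d\n",
           action_rank(list, "trace"), action_rank(list, "bogus"));
    return 0;
}
```

A caller that gets -1 from read_actions() cannot tell which actions exist, which is the no-filesystem-access case raised in the quoted reply.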