From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from fallback.mail.elte.hu (fallback.mail.elte.hu [157.181.151.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 90C54DDF90 for ; Thu, 7 May 2009 08:37:22 +1000 (EST) Received: from mx3.mail.elte.hu ([157.181.1.138]) by fallback.mail.elte.hu with esmtp (Exim) id 1M1ohh-0005m5-Ry from for ; Wed, 06 May 2009 23:31:01 +0200 Date: Wed, 6 May 2009 23:29:13 +0200 From: Ingo Molnar To: Markus Gutschke =?utf-8?B?KOmhp+Wtn+WLpCk=?= Subject: Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole Message-ID: <20090506212913.GC4861@elte.hu> References: <20090228030226.C0D34FC3DA@magilla.sf.frob.com> <20090228030413.5B915FC3DA@magilla.sf.frob.com> <20090228072554.CFEA6FC3DA@magilla.sf.frob.com> <904b25810905061146ged374f2se0afd24e9e3c1f06@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 In-Reply-To: <904b25810905061146ged374f2se0afd24e9e3c1f06@mail.gmail.com> Cc: linux-mips@linux-mips.org, x86@kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@ozlabs.org, sparclinux@vger.kernel.org, Andrew Morton , Linus Torvalds , stable@kernel.org, Roland McGrath List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , * Markus Gutschke (顧孟勤) wrote: > On Sat, Feb 28, 2009 at 10:23, Linus Torvalds > wrote: > > And I guess the seccomp interaction means that this is > > potentially a 2.6.29 thing. Not that I know whether anybody > > actually _uses_ seccomp. It does seem to be enabled in at least > > Fedora kernels, but it might not be used anywhere. > > In the Linux version of Google Chrome, we are currently working on > code that will use seccomp for parts of our sandboxing solution. That's a pretty interesting usage. What would be fallback mode you are using if the kernel doesnt have seccomp built in? Completely non-sandboxed? Or a ptrace/PTRACE_SYSCALL based sandbox? Ingo