From: Christian Brauner <christian.brauner@ubuntu.com>
To: Kees Cook <keescook@chromium.org>
Cc: Robert Sesek <rsesek@google.com>,
Chris Palmer <palmer@google.com>, Jann Horn <jannh@google.com>,
Jeffrey Vander Stoep <jeffv@google.com>,
Linux Containers <containers@lists.linux-foundation.org>,
kernel list <linux-kernel@vger.kernel.org>,
Matt Denton <mpdenton@google.com>,
Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter
Date: Fri, 29 May 2020 10:00:04 +0200 [thread overview]
Message-ID: <20200529080004.6lb6w4oi3nvatzdf@wittgenstein> (raw)
In-Reply-To: <202005290055.D6E777A@keescook>
On Fri, May 29, 2020 at 12:56:50AM -0700, Kees Cook wrote:
> On Fri, May 29, 2020 at 09:51:37AM +0200, Christian Brauner wrote:
> > Aside from this being not an issue now, can we please not dump seccomp
> > filter contents in proc. That sounds terrible and what's the rationale,
> > libseccomp already let's you dump filter contents while loading and you
> > could ptrace it. But maybe I'm missing a giant need for this...
>
> The use-case comes from Android wanting to audit seccomp filters at
> runtime. I think this is stalled until there is a good answer to "what
> are you going to audit for, and how, given raw BPF?"
Doing this in proc seems very suboptimal why isn't this simply an
extension to the seccomp syscall (passing in a struct with the target's
pid or pidfd for example) to identify the target? But yeah, if there's
no real audit strategy all of that seems weird.
Christian
next prev parent reply other threads:[~2020-05-29 8:00 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 15:14 [PATCH v2 1/2] seccomp: notify user trap about unused filter Christian Brauner
2020-05-28 15:14 ` [PATCH v2 2/2] tests: test seccomp filter notifications Christian Brauner
2020-05-29 5:41 ` Kees Cook
2020-05-29 8:00 ` Christian Brauner
2020-05-28 23:11 ` [PATCH v2 1/2] seccomp: notify user trap about unused filter Kees Cook
2020-05-28 23:32 ` Jann Horn
2020-05-29 5:36 ` Kees Cook
2020-05-29 7:51 ` Christian Brauner
2020-05-29 7:56 ` Kees Cook
2020-05-29 8:00 ` Christian Brauner [this message]
2020-05-29 8:50 ` Christian Brauner
2020-05-29 7:47 ` Christian Brauner
2020-05-29 8:02 ` Kees Cook
2020-05-29 7:56 ` Christian Brauner
2020-05-29 8:06 ` Kees Cook
2020-05-29 8:37 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200529080004.6lb6w4oi3nvatzdf@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=jannh@google.com \
--cc=jeffv@google.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mpdenton@google.com \
--cc=palmer@google.com \
--cc=rsesek@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox