public inbox for linux-kernel@vger.kernel.org
From: daw@taverner.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: seccomp for 2.6.11-rc1-bk8
Date: Fri, 25 Feb 2005 19:01:26 +0000 (UTC)
Message-ID: <cvnsm6$pjh$1@abraham.cs.berkeley.edu>
In-Reply-To: 20050215092539.GT13712@opteron.random

Andrea Arcangeli wrote:
>On Sun, Jan 23, 2005 at 07:34:24AM +0000, David Wagner wrote:
>> [...Ostia...]  The jailed process inherits an open file
>> descriptor to its jailor, and is only allowed to call read(), write(),
>> sendmsg(), and recvmsg().  [...]
>
>Why call sendmsg/recvmsg when you can call read/write anyway?

Because sendmsg() and recvmsg() allow passing of file descriptors,
and read() and write() do not.  For some uses of this kind of jail,
the ability to pass file descriptors to/from your master is a big deal.
It enables significant new uses of seccomp.  Right now, the only way a
master can get a fd to the jail is to inherit that fd across fork(),
but this isn't as flexible and it restricts the ability to pass fds
interactively.

Andrea, I understand that you don't have any use for sendmsg()/recvmsg()
in your Cpushare application.  I'm thinking about this from the point of
view of other potential users of seccomp.  I believe there are several
other applications which might benefit from seccomp, if only it were
to allow fd-passing.  If we're going to deploy this in the mainstream
kernel, maybe it makes sense to enable other uses as well.  And that's
why I suggested allowing sendmsg() and recvmsg().

It might be worth considering.

[Sorry for the very late reply; I've been occupied with other things
since your last reply.]
