[PATCH v3 0/4] seccomp trap to userspace
Tycho Andersen
tycho at tycho.ws
Thu May 31 14:49:45 UTC 2018

Hi all,

Here's a v3 of the seccomp trap to userspace, with all the nits from v2
fixed. Open questions from v2 are still:

1. is it ok not to use netlink?
2. what should the fd passing API look like? (see patch notes on this
   one for details of why the current one might (?) be a problem)

As an added bonus, I've also written some stress testing, with lots of
tasks and listeners (1000 of each) sharing the same notification thread,
and not found any issues so far. Code is here:
https://github.com/tych0/kernel-utils/blob/master/seccomp/notify_stress.c
although I haven't included it in the patchset.

v2: https://lkml.org/lkml/2018/5/17/627

Tycho Andersen (4):
  seccomp: add a return code to trap to userspace
  seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
  seccomp: add a way to get a listener fd from ptrace
  seccomp: add support for passing fds via USER_NOTIF

arch/Kconfig | 7 +
include/linux/seccomp.h | 14 +-
include/uapi/linux/ptrace.h | 2 +
include/uapi/linux/seccomp.h | 20 +-
kernel/ptrace.c | 4 +
kernel/seccomp.c | 477 +++++++++++++++++-
tools/testing/selftests/seccomp/seccomp_bpf.c | 373 +++++++++++++-
7 files changed, 889 insertions(+), 8 deletions(-)
--
2.17.0