[PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole
Ingo Molnar
mingo at elte.hu
Thu May 7 07:29:13 EST 2009
* Markus Gutschke (顧孟勤) <markus at google.com> wrote:
> On Sat, Feb 28, 2009 at 10:23, Linus Torvalds
> <torvalds at linux-foundation.org> wrote:
> > And I guess the seccomp interaction means that this is
> > potentially a 2.6.29 thing. Not that I know whether anybody
> > actually _uses_ seccomp. It does seem to be enabled in at least
> > Fedora kernels, but it might not be used anywhere.
>
> In the Linux version of Google Chrome, we are currently working on
> code that will use seccomp for parts of our sandboxing solution.
That's a pretty interesting usage. What would be fallback mode you
are using if the kernel doesnt have seccomp built in? Completely
non-sandboxed? Or a ptrace/PTRACE_SYSCALL based sandbox?
Ingo
More information about the Linuxppc-dev
mailing list