[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Arnd Bergmann
arnd at arndb.de
Sun May 15 16:42:07 EST 2011
On Saturday 14 May 2011, Will Drewry wrote:
> Depending on integration, it could even be limited to ioctl commands
> that are appropriate to a known fd if the fd is opened prior to
> entering seccomp mode 2. Alternatively, __NR__ioctl could be allowed
> with a filter of "1" then narrowed through a later addition of
> something like "(fd == %u && (cmd == %u || cmd == %u))" or something
> along those lines.
>
> Does that make sense?
Thanks for the explanation. This sounds like it's already doing all
we need.
Arnd
More information about the Linuxppc-dev
mailing list