[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Pavel Machek
pavel at ucw.cz
Thu May 26 16:27:52 EST 2011
On Mon 2011-05-16 10:36:05, James Morris wrote:
> On Fri, 13 May 2011, Ingo Molnar wrote:
> How do you reason about the behavior of the system as a whole?
>
>
> > I argue that this is the LSM and audit subsystems designed right: in the long
> > run it could allow everything that LSM does at the moment - and so much more
> > ...
>
> Now you're proposing a redesign of the security subsystem. That's a
> significant undertaking.
>
> In the meantime, we have a simple, well-defined enhancement to seccomp
> which will be very useful to current users in reducing their kernel attack
> surface.
Well, you can do the same with subterfugue, even without kernel
changes. But that's ptrace -- slow. (And it already shows that syscall
based filters are extremely tricky to configure).
If yu want speed, seccomp+server for non-permitted operations seems like reasonable way.
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
More information about the Linuxppc-dev
mailing list