[PATCH] seccomp: Add pkru into seccomp_data

Andy Lutomirski luto at amacapital.net
Fri Oct 26 11:49:20 AEDT 2018



> On Oct 25, 2018, at 5:35 PM, Kees Cook <keescook at chromium.org> wrote:
> 
>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski <luto at amacapital.net> wrote:
>> You could bite the bullet and add seccomp eBPF support :)
> 
> I'm not convinced this is a good enough reason for gaining the eBPF
> attack surface yet.
> 
> 

Is it an interesting attack surface?  It’s certainly scarier if you’re worried about attacks from the sandbox creator, but the security inside the sandbox should be more or less equivalent, no?


More information about the Linuxppc-dev mailing list