[RFC PATCH] seccomp: Add protection keys into seccomp_data
Michael Sammler
msammler at mpi-sws.org
Tue Nov 15 15:16:07 AEDT 2022
> We're currently working on a feature in chromium that uses pkeys for
> in-process isolation. Being able to use the pkey state in the seccomp
> filter would be pretty useful for this. For example, it would allow
> us to enforce that no code outside the isolated thread would ever
> map/mprotect executable memory.
> We can probably do something similar by adding instruction pointer
> checks to the seccomp filter, but that feels quite hacky and this
> feature would make a much nicer implementation.
>
> Are there any plans to make a version 2 of this patch?
Thanks for your interest in this patch, but I am now working on other projects and currently don't plan to make a version 2 of this patch.
More information about the Linuxppc-dev
mailing list