On Wednesday, October 24, 2012 02:22:56 PM Daniel J Walsh wrote:
> > f.add_rule_exactly(ALLOW, "read", Arg(0, Arg.EQ, sys.stdin.fileno())); +
> > f.add_rule_exactly(ALLOW, "write", Arg(0, Arg.EQ, sys.stdout.fileno())); +
> > f.add_rule_exactly(ALLOW, "write", Arg(0, Arg.EQ, sys.stderr.fileno()));
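Review bot: all three rules call fileno() when the rule is added, so the filter pins whatever descriptor numbers sys.stdin, sys.stdout and sys.stderr have at that moment; if one of those streams is later reassigned or reopened, the allowed descriptor no longer matches it. A short comment stating that the descriptor is captured once, at rule-creation time, would make this explicit. fileno() also raises when a stream has been replaced by an object with no underlying descriptor, so these lines should either run before any such replacement or handle that error.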
>
> I will give you sys.stderr and you change it to fileno, not me.
Thanks for taking a look and sending your comments.
I think the problem here is that these are syscall arguments, which are scalar
values by definition, and putting code in the Python binding/shim to translate
every possible Python object into the correct scalar value for seccomp seems
like a losing battle, especially when the caller can usually do it in such a
trivial manner.
I might be convinced to do it for a few special cases, file objects being one
of them, if you could point me to a Python example that demonstrates type
specific behavior, for example:
    if (type(object) == FILE_OBJECT)
        fd = object.fileno()
    else if (type(object) == SCALAR)
        fd = object
    else
        eject(mailman)
> I don't like Arg.EQ, I would prefer EQ, and maybe make this the default?
Sure, I can move EQ and friends up to the top level of the module, no problem
there. As for making it the default, I'm tempted to leave it as is since I
think it makes more sense with all three arguments being explicit; after all,
a comparison takes three items: a variable to compare, a comparison operator,
and a value to compare against.
> BTW You can probably do most of this in your python code. (__init__.py)
You lost me here, can you elaborate?
--
paul moore
security and virtualization @ redhat
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
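
The type-specific conversion asked about in the message above, sketched in Python as an added example; it is not part of the original thread and not libseccomp code. The names `to_syscall_arg` and `describe` are hypothetical, and rejecting bools and negative values is a choice made for this sketch.

```python
import io
import tempfile

U64_MAX = 2**64 - 1  # seccomp compares syscall arguments as 64-bit scalars


def to_syscall_arg(value):
    """Hypothetical helper: reduce a Python object to a scalar syscall argument."""
    # bool is a subclass of int; passing True as a descriptor is almost surely a bug.
    if isinstance(value, bool):
        raise TypeError("bool is not a valid syscall argument")
    if isinstance(value, int):
        scalar = value
    elif hasattr(value, "fileno"):
        # Duck typing covers file objects, sockets, pipes and similar wrappers.
        try:
            scalar = value.fileno()
        except (io.UnsupportedOperation, ValueError) as exc:
            # StringIO has no descriptor; a closed file raises ValueError.
            raise TypeError(
                f"{type(value).__name__} has no usable descriptor") from exc
    else:
        raise TypeError(f"cannot convert {type(value).__name__} to a scalar")
    # Sketch-level policy: only values that fit an unsigned 64-bit argument.
    if not 0 <= scalar <= U64_MAX:
        raise ValueError(f"{scalar} does not fit an unsigned 64-bit argument")
    return scalar


def describe(value):
    """Return the scalar, or the error class name, for one sample input."""
    try:
        return to_syscall_arg(value)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    # Constructed samples: a real file, a raw fd, and objects that must be rejected.
    with tempfile.TemporaryFile() as tmp:
        for sample in (tmp, 2, io.StringIO(), "stderr", True, -1):
            print(repr(sample), "->", describe(sample))
```

A stream that has been swapped for an in-memory object (the `io.StringIO` case) is rejected here with a clear error before any filter rule would be built.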