On Tue, Mar 20, 2018 at 4:30 AM, <[email protected]> wrote:
> Hi
>
> I really like libseccomp, but now I am facing a requirement I'm not sure I
> can accomplish with it and I might need to fall back to direct BPF use.
>
> I was wondering if I can create filters based on the user-space address of
> the system call?
>
> For example: enable SYS_open from the address range on glibc .text section
> but not from other places.
>
> I know I can do it from BPF, but I have a lot of reasons not to ;-)

Hi,

Unfortunately we don't currently support filtering on the caller's IP, but it is something I've thought about occasionally. However, I usually dismissed the idea because I didn't think anyone would make use of it. The good news is that I don't think it would be particularly difficult to implement, especially if we made the IP check a global check and not per-syscall.

I went ahead and created an issue tracker for this in GitHub; if you want to follow the progress you can do so there. If you want to help contribute, ideas or code, that's a good place to help out too!

* https://github.com/seccomp/libseccomp/issues/113

--
paul moore
www.paul-moore.com
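
The request in the quoted question (allow `open` only when it is issued from one address range) written as the raw classic-BPF seccomp filter the thread is trying to avoid; this is an added example, not code from the thread or from libseccomp. The address range, the hardcoded x86_64 syscall number and the `verdict` user-space evaluator are constructed for illustration, and the filter lets every other syscall through because only the IP check is being shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define NR_OPEN 2                       /* __NR_open on x86_64 */
#define TEXT_LO 0x00007f0000001000ULL   /* constructed range standing in for */
#define TEXT_HI 0x00007f0000200000ULL   /* glibc .text; same upper 32 bits   */
#define OFF(f)  offsetof(struct seccomp_data, f)
#define LOAD(o) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (o))

/* cBPF loads 32 bits at a time, so the 64-bit IP is checked as two words
 * (low word first in memory: little-endian assumed). */
static struct sock_filter ip_filter[] = {
    LOAD(OFF(arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),      /* unexpected ABI */
    LOAD(OFF(nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_OPEN, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),     /* not open: out of scope here */
    LOAD(OFF(instruction_pointer) + 4),               /* high word must match */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(TEXT_LO >> 32), 0, 4),
    LOAD(OFF(instruction_pointer)),                   /* TEXT_LO <= low word < TEXT_HI */
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, (uint32_t)TEXT_LO, 0, 2),
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, (uint32_t)TEXT_HI, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | 13), /* fail with EACCES */
};

/* Evaluates the filter in user space (only the opcodes used above) against a
 * constructed seccomp_data, so the logic can be checked without installing it. */
static uint32_t verdict(int nr, uint64_t ip) {
    struct seccomp_data sd = { .nr = nr, .arch = AUDIT_ARCH_X86_64, .instruction_pointer = ip };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof(ip_filter) / sizeof(ip_filter[0]); pc++) {
        const struct sock_filter *f = &ip_filter[pc];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS:  memcpy(&acc, (char *)&sd + f->k, 4); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += acc == f->k ? f->jt : f->jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += acc >= f->k ? f->jt : f->jf; break;
        case BPF_RET | BPF_K:           return f->k;
        }
    }
    return SECCOMP_RET_KILL;
}

int main(void) {
    printf("inside: 0x%08x  outside: 0x%08x\n", verdict(NR_OPEN, TEXT_LO + 0x10), verdict(NR_OPEN, 0x0000560000001000ULL));
}
```

`instruction_pointer` records where the syscall was issued from, not which code path led there, so the range check says nothing about the caller further up the stack.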
