On Jul 27, 2014 5:06 PM, "Theodore Ts'o" <ty...@mit.edu> wrote: > > On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote: > > > > There is recent interest in having a way to turn generally-available > > kernel features off. Maybe we should add a good one so we can stop > > bikeshedding and avoid proliferating dumb interfaces. > > I believe the seccomp infrastructure (which is already upstream) > should be able to do most of what you want, at least with respect to > features which are exposed via system calls (which was most of your > list).
Seccomp can't really restrict lookups of non-self pids. In fact, this feature idea started out as a response to a patch adding a kind of nasty seccomp feature to make it sort of possible. I agree that that seccomp can turn off GRND_RANDOM, but how is it supposed to do it in such a way that the filtered software will fall back to something sensible? -ENOSYS? -EPERM? Something else? I think that -ENOSYS is clearly wrong, but standardizing this would be nice. Admittedly, adding something fancy like this for GRND_RANDOM may not be appropriate. --Andy > > It won't cover x86 specific things like restricting RDTSC or CPUID > (and as far as I know you can't intercept the CPUID instruction), but > I'm not sure it matters. I don't really see the point, myself. > > - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
