* Andrea Arcangeli <[EMAIL PROTECTED]> wrote:
> > technical comment: seccomp goes outside the audit/selinux framework,
> > which i believe is a bug. Andrea?
>
> I intentionally left it out of audit/selinux. To the less dependencies
> it has on other parts of the kernel and the simpler it is, the better
> IMHO. Seccomp should be fixed in stone, people shouldn't go hack on it
> every day.
let me put it another way: this is a security hole. seccomp is now a way
to evade the auditing of read/write syscalls done to an opened file.
Please fix this.
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
