Re: [PATCH] seccomp: Add pkru into seccomp_data

[Andy Lutomirski]

> On Oct 25, 2018, at 5:35 PM, Kees Cook <keesc...@chromium.org> wrote:
> 
>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski <l...@amacapital.net> 
>> wrote:
>> You could bite the bullet and add seccomp eBPF support :)
> 
> I'm not convinced this is a good enough reason for gaining the eBPF
> attack surface yet.
> 
> 

Is it an interesting attack surface?  It’s certainly scarier if you’re worried 
about attacks from the sandbox creator, but the security inside the sandbox 
should be more or less equivalent, no?