> On Feb 26, 2018, at 4:49 PM, Kees Cook wrote:
>
>> On Wed, Feb 14, 2018 at 9:19 AM, Andy Lutomirski wrote:
>>> On Wed, Feb 14, 2018 at 3:29 PM, Tycho Andersen wrote:
On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
>
On Wed, Feb 14, 2018 at 9:19 AM, Andy Lutomirski wrote:
> On Wed, Feb 14, 2018 at 3:29 PM, Tycho Andersen wrote:
>> On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
>>> On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
>>> I wonder if this communication should be netlink, which giv
On Wed, Feb 14, 2018 at 05:19:52PM +, Andy Lutomirski wrote:
> On Wed, Feb 14, 2018 at 3:29 PM, Tycho Andersen wrote:
> > Hey Kees,
> >
> > Thanks for taking a look!
> >
> > On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
> >> On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
>
On Wed, Feb 14, 2018 at 05:19:52PM +, Andy Lutomirski wrote:
> On Wed, Feb 14, 2018 at 3:29 PM, Tycho Andersen wrote:
> > Hey Kees,
> >
> > Thanks for taking a look!
> >
> > On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
> >> On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
>
On Wed, Feb 14, 2018 at 3:29 PM, Tycho Andersen wrote:
> Hey Kees,
>
> Thanks for taking a look!
>
> On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
>> On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
>> > This patch introduces a means for syscalls matched in seccomp to notify
>>
Hey Kees,
Thanks for taking a look!
On Tue, Feb 13, 2018 at 01:09:20PM -0800, Kees Cook wrote:
> On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
> > This patch introduces a means for syscalls matched in seccomp to notify
> > some other task that a particular filter has been triggered.
> >
On Sun, Feb 4, 2018 at 2:49 AM, Tycho Andersen wrote:
> This patch introduces a means for syscalls matched in seccomp to notify
> some other task that a particular filter has been triggered.
>
> The motivation for this is primarily for use with containers. For example,
> if a container does an ini
On Sun, Feb 04, 2018 at 08:33:25PM +, Andy Lutomirski wrote:
> On Sun, Feb 4, 2018 at 8:01 PM, Tycho Andersen wrote:
> > Hi Andy,
> >
> > On Sun, Feb 04, 2018 at 05:36:33PM +, Andy Lutomirski wrote:
> >> > The actual implementation of this is fairly small, although getting the
> >> > synch
On Sun, Feb 4, 2018 at 8:01 PM, Tycho Andersen wrote:
> Hi Andy,
>
> On Sun, Feb 04, 2018 at 05:36:33PM +, Andy Lutomirski wrote:
>> > The actual implementation of this is fairly small, although getting the
>> > synchronization right was/is slightly complex. Also worth noting that there
>> > i
Hi Andy,
On Sun, Feb 04, 2018 at 05:36:33PM +, Andy Lutomirski wrote:
> > The actual implementation of this is fairly small, although getting the
> > synchronization right was/is slightly complex. Also worth noting that there
> > is one race still present:
> >
> > 1. a task does a SECCOMP_RE
On Sun, Feb 4, 2018 at 10:49 AM, Tycho Andersen wrote:
> This patch introduces a means for syscalls matched in seccomp to notify
> some other task that a particular filter has been triggered.
Neat!
>
> The motivation for this is primarily for use with containers. For example,
> if a container do
This patch introduces a means for syscalls matched in seccomp to notify
some other task that a particular filter has been triggered.
The motivation for this is primarily for use with containers. For example,
if a container does an init_module(), we obviously don't want to load this
untrusted code,
12 matches