Re: [PATCH bpf-next 1/6] bpf: Introduce BPF_PROG_TYPE_SECCOMP

On Thu, Nov 2, 2023 at 12:49 PM Kees Cook <kees@xxxxxxxxxx> wrote:
>
>
>
> On October 30, 2023 6:24:02 PM PDT, Hengqi Chen <hengqi.chen@xxxxxxxxx> wrote:
> >This adds minimal support for seccomp eBPF programs
> >which can be hooked into the existing seccomp framework.
> >This allows users to write seccomp filters in the eBPF language
> >and enables seccomp filter reuse through bpf prog fd and
> >bpffs. Currently, no helper calls are allowed just like
> >its cBPF version.
>
> I think this is bypassing the seccomp bitmap generation pass, so this will break (at least) performance.
>
> I continue to prefer sticking to only cBPF for seccomp, so let's just use the seccomp syscall to generate the fds.

That's fine, but let's not mix old things with bpffs, bpftool, etc.
If you want an anon_fd then go ahead and allocate it standalone.
It shouldn't be confused with eBPF fd-s.
No bpffs treatment and no bpftool visibility.




