On Tue, Jan 14, 2025 at 01:32:58PM +0100, Oleg Nesterov wrote:
> Sorry, I don't understand... Perhaps because I am enjoying my state after
> dentist appointment ;)

For some reason I thought to remember that parent thread would spawn
restricted child, however:

> OK, suppose we have
>
>     void start_SECCOMP_MODE_STRICT(void)
>     {
>         // in particular nacks __NR_uretprobe
>         seccomp(SECCOMP_MODE_STRICT, ...);
>     }
>
> and we want to add uretprobe to this function.
>
> In this case prepare_uretprobe() can't know that sys_uretprobe() won't
> work when this function returns?

Indeed. But any further probes placed after seccomp() would be able to,
and installing trampolines for them would be a waste, no?