On Sun, 02 Feb 2025 08:29:19 -0800, Eyal Birger wrote:
> uretprobe(2) is a performance enhancement system call added to improve
> uretprobes on x86_64.
>
> Confinement environments such as Docker are not aware of this new system
> call and kill confined processes when uretprobes are attached to them.
>
> Since uretprobe is a "kernel implementation detail" system call which is
> not used by userspace application code directly, pass this system call
> through seccomp without forcing existing userspace confinement environments
> to be changed.
>
> [...]

With the changes I mentioned in each patch, I've applied this to
for-next/seccomp, with the intention of getting them into v6.14-rc2. Thanks!

[1/2] seccomp: passthrough uretprobe systemcall without filtering
      https://git.kernel.org/kees/c/cf6cb56ef244
[2/2] selftests/seccomp: validate uretprobe syscall passes through seccomp
      https://git.kernel.org/kees/c/c2debdb8544f

Take care,

--
Kees Cook