On Thu, Feb 06, 2025 at 05:06:29PM -0800, Eyal Birger wrote:
> On Thu, Feb 6, 2025 at 1:22 PM Kees Cook <kees@xxxxxxxxxx> wrote:
> >
> > On Sun, 02 Feb 2025 08:29:19 -0800, Eyal Birger wrote:
> > > uretprobe(2) is a performance enhancement system call added to improve
> > > uretprobes on x86_64.
> > >
> > > Confinement environments such as Docker are not aware of this new system
> > > call and kill confined processes when uretprobes are attached to them.
> > >
> > > Since uretprobe is a "kernel implementation detail" system call which is
> > > not used by userspace application code directly, pass this system call
> > > through seccomp without forcing existing userspace confinement environments
> > > to be changed.
> > >
> > > [...]
> >
> > With the changes I mentioned in each patch, I've applied this to
> > for-next/seccomp, with the intention of getting them into v6.14-rc2.
> >
> > Thanks!
>
> Thank you very much for your help.

great! thanks,
jirka