Hi everyone, Here's v8 of the seccomp trap to userspace series. Major changes are: * dropped the ptrace API all together. I believe based on the last thread that it could be made safe by adding a check on the refcount of the filter when grabbing it, but that sort of feels like a hack and it's not strictly necessary, so I dropped it. * dropped the fd passing bits (for now). I like Andy's API proposal, and there are a few ways to implement it, but how exactly is controversial, and the stuff I'm really interested in using this for doesn't need the fd passing bits. * applied all the feedback from v7 (I think, there was a lot of it :) Link to v7: https://lkml.org/lkml/2018/9/27/968 Cheers, Tycho Tycho Andersen (2): seccomp: add a return code to trap to userspace samples: add an example of seccomp user trap Documentation/ioctl/ioctl-number.txt | 1 + .../userspace-api/seccomp_filter.rst | 66 +++ include/linux/seccomp.h | 7 +- include/uapi/linux/seccomp.h | 35 +- kernel/seccomp.c | 475 +++++++++++++++++- samples/seccomp/.gitignore | 1 + samples/seccomp/Makefile | 7 +- samples/seccomp/user-trap.c | 345 +++++++++++++ tools/testing/selftests/seccomp/foo | 106 ++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 355 ++++++++++++- 10 files changed, 1387 insertions(+), 11 deletions(-) create mode 100644 samples/seccomp/user-trap.c create mode 100644 tools/testing/selftests/seccomp/foo -- 2.17.1
