Sargun Dhillon <sargun@xxxxxxxxx> writes:

> This adds a seccomp notifier ioctl which allows for the listener to "add"
> file descriptors to a process which originated a seccomp user
> notification. This allows calls like mount, and mknod to be "implemented",
> as the return value, and the arguments are data in memory. On the other
> hand, calls like connect can be "implemented" using pidfd_getfd.
>
> Unfortunately, there are calls which return file descriptors, like
> open, which are vulnerable to TOC-TOU attacks, and require that the
> more privileged supervisor can inspect the argument, and perform the
> syscall on behalf of the process generating the notification. This
> allows the file descriptor generated from that open call to be
> returned to the calling process.
>
> In addition, there is functionality to allow for replacement of
> specific file descriptors, following dup2-like semantics.
>
> Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx>
> Suggested-by: Matt Denton <mpdenton@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxx>,
> Cc: Jann Horn <jannh@xxxxxxxxxx>,
> Cc: Robert Sesek <rsesek@xxxxxxxxxx>,
> Cc: Chris Palmer <palmer@xxxxxxxxxx>
> Cc: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Cc: Tycho Andersen <tycho@xxxxxxxx>
> ---

Thanks, this is a really useful feature.

Tested-by: Giuseppe Scrivano <gscrivan@xxxxxxxxxx>
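The open() case described in the quoted patch message, as an added illustration that is not part of the patch or of this thread: a supervisor copies the path argument out of the notifying process exactly once, validates the copy, performs the open itself, and hands the resulting descriptor back with the addfd ioctl, so the sandboxed process cannot swap the path between inspection and use. The code assumes the caller already holds the listener fd (obtained with SECCOMP_FILTER_FLAG_NEW_LISTENER) and a struct seccomp_notif it has just received; it uses the names of the interface as merged in mainline (struct seccomp_notif_addfd, SECCOMP_IOCTL_NOTIF_ADDFD, SECCOMP_IOCTL_NOTIF_ID_VALID), which are not quoted on this page and may differ from the series under review. The helper names read_target_string, path_is_allowed and handle_open_notification, and the "/srv/data" prefix policy, are made up for the example.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#if __has_include(<linux/seccomp.h>)
#include <linux/seccomp.h>
#endif

/* Copy a NUL-terminated string out of the target's address space through an
 * fd open on /proc/<pid>/mem. The copy is made once; every later check and
 * the open() itself work on this supervisor-owned buffer, which is what
 * removes the time-of-check/time-of-use window the patch message mentions.
 * Returns 0 on success, -1 if unreadable or longer than buflen-1 bytes. */
int read_target_string(int mem_fd, uint64_t addr, char *buf, size_t buflen)
{
    size_t got = 0;
    while (got < buflen) {
        ssize_t n = pread(mem_fd, buf + got, buflen - got, (off_t)(addr + got));
        if (n <= 0)
            return -1;
        if (memchr(buf + got, '\0', (size_t)n))
            return 0;
        got += (size_t)n;
    }
    buf[buflen - 1] = '\0';
    return -1;
}

/* Sample policy (hypothetical, not part of the kernel interface): the copied
 * path must be absolute, lie under allowed_prefix (given without a trailing
 * slash) and contain no ".." component. */
int path_is_allowed(const char *path, const char *allowed_prefix)
{
    size_t plen = strlen(allowed_prefix);
    if (path[0] != '/' || strncmp(path, allowed_prefix, plen) != 0)
        return 0;
    if (path[plen] != '\0' && path[plen] != '/')
        return 0;                       /* "/srv/datax" is not under "/srv/data" */
    for (const char *p = path; *p; ) {
        const char *end = strchr(p, '/');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        if (seg == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += seg;
        while (*p == '/')
            p++;
    }
    return 1;
}

#ifdef SECCOMP_IOCTL_NOTIF_ADDFD
/* Handle one received open()/openat() notification on behalf of the target.
 * Assumes the filter only forwards those two syscalls; a real supervisor also
 * checks req->data.arch before trusting the argument layout. */
int handle_open_notification(int notify_fd, const struct seccomp_notif *req,
                             const char *allowed_prefix)
{
    struct seccomp_notif_resp resp = { .id = req->id };
    struct seccomp_notif_addfd addfd = { .id = req->id, .newfd_flags = O_CLOEXEC };
    uint64_t id = req->id;
    uint64_t path_addr = (req->data.nr == SYS_openat) ? req->data.args[1] : req->data.args[0];
    char path[PATH_MAX], memfile[64];
    int mem_fd, file_fd = -1, ret;

    snprintf(memfile, sizeof memfile, "/proc/%d/mem", req->pid);
    mem_fd = open(memfile, O_RDONLY | O_CLOEXEC);
    if (mem_fd < 0 || read_target_string(mem_fd, path_addr, path, sizeof path) < 0) {
        resp.error = -EFAULT;
        goto send;
    }
    /* Re-check the request after reading: if the target died and its pid was
     * reused, the memory just read belonged to an unrelated process. */
    if (ioctl(notify_fd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) < 0) {
        close(mem_fd);
        return -1;
    }
    if (!path_is_allowed(path, allowed_prefix)) {
        resp.error = -EACCES;
        goto send;
    }
    file_fd = open(path, O_RDONLY | O_CLOEXEC);   /* supervisor opens the vetted copy */
    if (file_fd < 0) {
        resp.error = -errno;
        goto send;
    }
    addfd.srcfd = file_fd;            /* flags == 0: kernel picks the lowest free fd in the target */
    ret = ioctl(notify_fd, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
    if (ret < 0)
        resp.error = -errno;
    else
        resp.val = ret;               /* the target sees this number as open()'s return value */
send:
    if (file_fd >= 0)
        close(file_fd);
    if (mem_fd >= 0)
        close(mem_fd);
    return ioctl(notify_fd, SECCOMP_IOCTL_NOTIF_SEND, &resp);
}
#endif
```

Two caveats a deployment has to address beyond this sketch: the supervisor resolves the copied path in its own mount namespace, so it should open relative to the target's root (for example an fd on /proc/<pid>/root) if the sandbox has a different view of the filesystem, and copying the string does not stop the target from racing a symlink inside a directory it controls, which is why the policy above refuses anything outside a supervisor-owned prefix.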