On 2021-06-29, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > > I am the process of cleaning up the process exit path in the kernel, and > as part of that I am looking at the callers of do_exit. A very > interesting one is __seccure_computing_strict. > > Looking at the code is very clear that if a system call is attempted > that is not in the table the thread attempting to execute that system > call is terminated. > > Reading the man page for seccomp it says that the process is delivered > SIGKILL. > > The practical difference is what happens for multi-threaded > applications. > > What are the desired semantics for a multi-threaded application if one > thread attempts to use a unsupported system call? Should the thread be > terminated or the entire application? > > Do we need to fix the kernel, or do we need to fix the manpages? My expectation is that the correct action should be the equivalent of SECCOMP_RET_KILL(_THREAD) which kills the thread and is the current behaviour (SECCOMP_RET_KILL_PROCESS is relatively speaking quite new). -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature
