> We're currently working on a feature in chromium that uses pkeys for
> in-process isolation. Being able to use the pkey state in the seccomp
> filter would be pretty useful for this. For example, it would allow
> us to enforce that no code outside the isolated thread would ever
> map/mprotect executable memory.
> We can probably do something similar by adding instruction pointer
> checks to the seccomp filter, but that feels quite hacky and this
> feature would make a much nicer implementation.
>
> Are there any plans to make a version 2 of this patch?

Thanks for your interest in this patch, but I am now working on other
projects and currently don't plan to make a version 2 of this patch.