On Thu, Feb 6, 2025 at 1:22 PM Kees Cook <kees@xxxxxxxxxx> wrote:
>
> On Sun, 02 Feb 2025 08:29:19 -0800, Eyal Birger wrote:
> > uretprobe(2) is a performance enhancement system call added to improve
> > uretprobes on x86_64.
> >
> > Confinement environments such as Docker are not aware of this new system
> > call and kill confined processes when uretprobes are attached to them.
> >
> > Since uretprobe is a "kernel implementation detail" system call which is
> > not used by userspace application code directly, pass this system call
> > through seccomp without forcing existing userspace confinement environments
> > to be changed.
> >
> > [...]
>
> With the changes I mentioned in each patch, I've applied this to
> for-next/seccomp, with the intention of getting them into v6.14-rc2.
>
> Thanks!

Thank you very much for your help.

Eyal.