Hi Andy, On Sun, Feb 04, 2018 at 05:36:33PM +0000, Andy Lutomirski wrote: > > The actual implementation of this is fairly small, although getting the > > synchronization right was/is slightly complex. Also worth noting that there > > is one race still present: > > > > 1. a task does a SECCOMP_RET_USER_NOTIF > > 2. the userspace handler reads this notification > > 3. the task dies > > 4. a new task with the same pid starts > > 5. this new task does a SECCOMP_RET_USER_NOTIF, gets the same cookie id > > that the previous one did > > 6. the userspace handler writes a response > > I'm slightly confused. I thought the id was never reused for a given > struct seccomp_filter. (Also, shouldn't the id be u64, not u32?) Well, what happens when u32/64 overflows? Eventually it will wrap. > On very quick reading, I have a question. What happens if a process > has two seccomp_filters attached, one of them returns > SECCOMP_RET_USER_NOTIF, and the *other* one has a listener? Good question, in seccomp_run_filters(), the first (lowest, last applied) filter who returns SECCOMP_RET_USER_NOTIF is the one that gets the notification and the other receives nothing. I don't really have any reason to prefer this behavior, it's just what happened without much thought. Cheers, Tycho _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
