On Thu, May 17, 2018 at 09:12:14AM -0600, Tycho Andersen wrote:
> Hi,
>
> After a while focusing on other things, I finally managed to get a v2 of
> this series prepared. I believe I've addressed all the feedback from v1,
> except for one major point: switching the communication protocol over
> the fd to nlattr. I looked into doing this, but the kernel stuff for
> dealing with nlattr seems to require an skb (via nlmsg_{new,put} and
> netlink_unicast), which means we need to deal with the netlink sequence
> numbers, portids, and create a socket protocol. I can do this if we
> still think nlattr is necessary, but based on looking at it, it seems
> like a lot of extra code for no real benefit.

Yes, we've had that discussion before and I agree. I fail to see the
benefit here too.

Christian

>
> I've also added support for passing fds. The code itself is simple, but
> the API could/should probably be different, see patch 4 for discussion.
>
> Tycho
>
> Tycho Andersen (4):
>   seccomp: add a return code to trap to userspace
>   seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
>   seccomp: add a way to get a listener fd from ptrace
>   seccomp: add support for passing fds via USER_NOTIF
>
>  arch/Kconfig                                  |   7 +
>  include/linux/seccomp.h                       |  14 +-
>  include/uapi/linux/ptrace.h                   |   2 +
>  include/uapi/linux/seccomp.h                  |  20 +-
>  kernel/ptrace.c                               |   4 +
>  kernel/seccomp.c                              | 480 +++++++++++++++++-
>  tools/testing/selftests/seccomp/seccomp_bpf.c | 359 ++++++++++++-
>  7 files changed, 878 insertions(+), 8 deletions(-)
>
> --
> 2.17.0
>
> _______________________________________________
> Containers mailing list
> Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
> https://lists.linuxfoundation.org/mailman/listinfo/containers