On Thu, Sep 24, 2020 at 1:29 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > Provide seccomp internals with the details to calculate which syscall > table the running kernel is expecting to deal with. This allows for > efficient architecture pinning and paves the way for constant-action > bitmaps. [...] > diff --git a/arch/x86/include/asm/seccomp.h b/arch/x86/include/asm/seccomp.h [...] > +#ifdef CONFIG_X86_64 [...] > +#else /* !CONFIG_X86_64 */ > +# define SECCOMP_ARCH AUDIT_ARCH_I386 > +#endif If we are on a 32-bit kernel, performing architecture number checks in the kernel is completely pointless, because we know that there is only a single architecture identifier under which syscalls can happen. While this patch is useful for enabling the bitmap logic in the following patches, I think it adds unnecessary overhead in the context of the previous patch. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
