On Wed, May 20, 2020 at 01:17:20PM -0700, Lokesh Gidra wrote: > Adding the Android kernel team in the discussion. Unless I'm mistaken that you can already enforce bit 1 of the second parameter of the userfaultfd syscall to be set with seccomp-bpf, this would be more a question to the Android userland team. The question would be: does it ever happen that a seccomp filter isn't already applied to unprivileged software running without SYS_CAP_PTRACE capability? If answer is "no" the behavior of the new sysctl in patch 2/2 (in subject) should be enforceable with minor changes to the BPF assembly. Otherwise it'd require more changes. Thanks! Andrea
