On Thu, 2012-01-12 at 17:14 +0100, Oleg Nesterov wrote:
> Maybe this needs something like LSM_UNSAFE_SECCOMP, or perhaps
> cap_bprm_set_creds() should take seccomp.mode == 2 into account, I dunno.
>
> OTOH, currently seccomp.mode == 1 doesn't allow to exec at all.

I've never used seccomp, so I admit I'm totally ignorant on this topic. But
looking at seccomp from the outside, the biggest advantage to this would be
the ability for normal processes to be able to limit the tasks they kick off.
If I want to run a task in a sandbox, I don't want to be root to do so.

I guess a web browser doesn't perform an exec to run java programs. But it
would be nice if I could execute something from the command line that I could
run in a sandbox.

What's the problem with making sure that the setuid isn't set before doing an
execv? Only fail when setuid (or some other magic) is enabled on the file
being exec'd.

Or is this a race where I can have a soft link pointing to a normal file, run
this, and have the link change to a setuid file at just the right time that
causes it to happen?

-- Steve
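The check Steve proposes, and the race he suspects, as an added example that is not part of the thread (function names are mine): the racy pattern checks the path with stat() and then runs execv() on the path, so a symlink can be re-pointed between the two; fstat() on an open descriptor and fexecve() of that same descriptor look at one inode, so a swap after the check no longer matters.

```c
#define _GNU_SOURCE                     /* fexecve() on glibc */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if exec of a file with this mode would change credentials (setuid or
 * setgid bit), else 0. File capabilities ("other magic") are not covered. */
int mode_changes_creds(mode_t mode)
{
    return (mode & (S_ISUID | S_ISGID)) != 0;
}

/* Inspect the open descriptor, not the path: the inode behind an fd cannot be
 * swapped by a symlink or rename after the check. Returns 1 if exec would
 * change creds, 0 for a plain regular file, -1 if fstat fails or not regular. */
int fd_changes_creds(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return mode_changes_creds(st.st_mode);
}

/* Check and exec the same descriptor. The racy pattern is stat(path) followed
 * by execv(path). Returns -1 only when it refused or the exec itself failed. */
int exec_unless_privileged(const char *path, char *const argv[], char *const envp[])
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fd_changes_creds(fd) == 0)
        fexecve(fd, argv, envp);        /* returns only on failure */
    close(fd);
    return -1;
}

/* Self-check on a constructed input: a temporary file we own, with the given
 * mode set, that is unlinked right away. Returns fd_changes_creds() of it. */
int check_temp_file(mode_t mode)
{
    char name[] = "/tmp/suidcheckXXXXXX";
    int fd = mkstemp(name);
    if (fd < 0)
        return -1;
    unlink(name);                       /* the open fd keeps the inode alive */
    int r = fchmod(fd, mode) == 0 ? fd_changes_creds(fd) : -1;
    close(fd);
    return r;
}
```

A wrapper's main() would call exec_unless_privileged(argv[1], argv + 1, envp). Note that fexecve() of an O_CLOEXEC descriptor works for binaries but fails for "#!" scripts, because the interpreter cannot reopen the already-closed fd.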