On Wed, Jan 11, 2012 at 9:25 AM, Will Drewry <wad@xxxxxxxxxxxx> wrote:
> This patch adds support for seccomp mode 2. This mode enables dynamic
> enforcement of system call filtering policy in the kernel as specified
> by a userland task. The policy is expressed in terms of a BPF program,
> as is used for userland-exposed socket filtering. Instead of network
> data, the BPF program is evaluated over struct user_regs_struct at the
> time of the system call (as retrieved using regviews).
>

There's some seccomp-related code in the vsyscall emulation path in
arch/x86/kernel/vsyscall_64.c. How should time(), getcpu(), and
gettimeofday() be handled? If you want filtering to work, there
aren't any real syscall registers to inspect, but they could be
synthesized.

Preventing a malicious task from figuring out approximately what time
it is is basically impossible because of the way that vvars work. I
don't know how to change that efficiently.

--Andy