> Thus, execv will not be a "special" case here. Seccomp either allows it > or not. But also add a command to tell seccomp that this task will not > be allowed to do anything privileged. A setuid binary is not necessarily priviledged - indeed a root -> user transition via setuid is pretty much the reverse. It's a change of user context. Things like ptrace and file permissions basically mean you can't build a barrier between stuff running as the same uid to a great extent except with heavy restricting, but saying "you can't become someone else" is very useful. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
