On Fri, Nov 27, 2020 at 02:32:35PM -0500, Gabriel Krisman Bertazi wrote: > Syscall User Dispatch (SUD) must take precedence over seccomp and > ptrace, since the use case is emulation (it can be invoked with a > different ABI) such that seccomp filtering by syscall number doesn't > make sense in the first place. In addition, either the syscall is > dispatched back to userspace, in which case there is no resource for to > trace, or the syscall will be executed, and seccomp/ptrace will execute > next. > > Since SUD runs before tracepoints, it needs to be a SYSCALL_WORK_EXIT as > well, just to prevent a trace exit event when dispatch was triggered. > For that, the on_syscall_dispatch() examines context to skip the > tracepoint, audit and other work. > > Signed-off-by: Gabriel Krisman Bertazi <krisman@xxxxxxxxxxxxx> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
