Hi Geert!

On 8/26/20 1:23 PM, Geert Uytterhoeven wrote:
> Changes from RFC v1:
> - add return code check in do_trace_entry branch to enable syscall
>   filtering (will return -EPERM)
> - change to use testl for return code check (suggested by Andreas Schwab)
>
> Changes from RFC v2:
> - don't set return code of filtered syscall - seccomp may want to set
>   that for use by calling process.
>
> As your email subject didn't contain "v3", b4[*] insists on picking up
> RFC v2, and refuses to pick up the latest version, even when forced
> (msgid not present)...
>
> The patch itself looks good to me. Does it make sense to apply it before
> we have real seccomp support?

Adding SECCOMP support itself doesn't take much:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=c4637d475170ca0d99973efd07df727012db6cd1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/sh?id=0bb605c2c7f2b4b314b91510810b226de7f34fa1

Once syscall_trace_entry/leave have been made available, we just need to
add some Kconfig bits and the part which checks the return code of
syscall_trace_enter.
The rest is done by arch-agnostic code.

Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@xxxxxxxxxx
`. `' Freie Universitaet Berlin - glaubitz@xxxxxxxxxxxxxxxxxxx
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913