On Mon, Sep 25, 2023 at 05:46:59PM +0200, Arnd Bergmann wrote:
> On Mon, Sep 25, 2023, at 15:20, Miklos Szeredi wrote:
> > On Mon, 25 Sept 2023 at 15:19, Christian Brauner <brauner@xxxxxxxxxx> wrote:
> >>
> >> > How about passing u64 *?
> >>
> >> struct statmnt_req {
> >> __u64 mnt_id;
> >> __u64 mask;
> >> };
> >>
> >> ?
> >
> > I'm fine with that as well.
>
> Yes, this looks fine for the compat syscall purpose.
>
> Not sure if losing visibility of the mnt_id and mask in ptrace
> or seccomp/bpf is a problem though.
It's an information retrieval syscall so there shouldn't be any need to
block it and I think that this ship has sailed in general. Container
workloads should migrate from seccomp to landlock if they need to filter
system calls like this.
