* Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:

> Hi,
>
> On Thu, May 12, 2011 at 09:48:50AM +0200, Ingo Molnar wrote:
> > 1) We already have a specific ABI for this: you can set filters for events via
> > an event fd.
> >
> > Why not extend that mechanism instead and improve *both* your sandboxing
> > bits and the events code? This new seccomp code has a lot more
> > to do with trace event filters than the minimal old seccomp code ...
>
> Would this require privileges to get the event fd to start with? [...]

No special privileges with the default perf_events_paranoid value.

> [...] If so, I would prefer to avoid that, since using prctl() as shown in
> the patch set won't require any privs.

and we could also explicitly allow syscall events without any privileges,
regardless of the setting of the 'perf_events_paranoid' config value.

Obviously a sandboxing host process wants to run with as low privileges as
it can.

Thanks,

	Ingo