On Wed, Jul 16, 2014 at 2:23 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Wed, Jul 16, 2014 at 12:45 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: >> In seccomp_prepare_user_filter, would it make sense to return -EINVAL >> if !user_filter? That will make it slightly more pleasant to >> implement TSYNC-without-change if anyone ever wants it. (This isn't >> really necessary -- it's just slightly more polite.) > > I can't do this since EFAULT is already used to detect seccomp > capabilities from userspace. Aha. In that case, can you (separately) send a prctl.2 manpage patch documenting that? Also, I'm pretty sure you can get away with doing this for seccomp(2) -- EINVAL and ENOSYS are easily distinguishable, but the current behavior is IMO also fine if documented. --Andy
