Re: seccomp for 2.6.11-rc1-bk8

From: Chris Wright
Date: Fri Jan 21 2005 - 12:41:13 EST


* Ingo Molnar (mingo@xxxxxxx) wrote:
>
> * Andrea Arcangeli <andrea@xxxxxxxxxxxx> wrote:
>
> > This is the seccomp patch ported to 2.6.11-rc1-bk8, that I need for
> > Cpushare (until trusted computing will hit the hardware market).
> > [...]
>
> why do you need any kernel code for this? This seems to be a limited
> ptrace implementation: restricting untrusted userspace code to only be
> able to exec read/write/sigreturn.
>
> So this patch, unless i'm missing something, duplicates in essence what
> ptrace can do already here and today, on any Linux box, on any CPU. You
> can implement your client based on ptrace alone, just like UML does it -
> and UML has much more complex needs than secure isolation.

Only difference is in number of context switches, and number of running
processes (and perhaps ease of determining policy for which syscalls
are allowed). Although it's not really seccomp, it's just restricted
syscalls...

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/