Re: seccomp for 2.6.11-rc1-bk8
From: Rik van Riel
Date: Fri Jan 21 2005 - 13:41:53 EST
On Fri, 21 Jan 2005, Chris Wright wrote:
* Ingo Molnar (mingo@xxxxxxx) wrote:
why do you need any kernel code for this? This seems to be a limited
ptrace implementation: restricting untrusted userspace code to only be
able to exec read/write/sigreturn.
Only difference is in number of context switches, and number of running
processes (and perhaps ease of determining policy for which syscalls
are allowed). Although it's not really seccomp, it's just restricted
syscalls...
Yes, but do you care about the performance of syscalls
which the program isn't allowed to call at all ? ;)
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/