Re: [-mm patch] seccomp: don't say it was more or less mandatory

From: Ingo Molnar
Date: Tue Mar 15 2005 - 09:48:21 EST

* Andrea Arcangeli <andrea@xxxxxxxxxxxx> wrote:

> > technical comment: seccomp goes outside the audit/selinux framework,
> > which i believe is a bug. Andrea?
> I intentionally left it out of audit/selinux. To the less dependencies
> it has on other parts of the kernel and the simpler it is, the better
> IMHO. Seccomp should be fixed in stone, people shouldn't go hack on it
> every day.

let me put it another way: this is a security hole. seccomp is now a way
to evade the auditing of read/write syscalls done to an opened file.
Please fix this.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at