[PATCH v8 0/2] seccomp trap to userspace
From: Tycho Andersen
Date: Mon Oct 29 2018 - 18:40:45 EST
Hi everyone,

Here's v8 of the seccomp trap to userspace series. Major changes are:

* dropped the ptrace API altogether. I believe based on the last
  thread that it could be made safe by adding a check on the refcount of
  the filter when grabbing it, but that sort of feels like a hack and
  it's not strictly necessary, so I dropped it.
* dropped the fd passing bits (for now). I like Andy's API proposal, and
  there are a few ways to implement it, but how exactly is
  controversial, and the stuff I'm really interested in using this for
  doesn't need the fd passing bits.
* applied all the feedback from v7 (I think, there was a lot of it :)

Link to v7: https://lkml.org/lkml/2018/9/27/968

Cheers,

Tycho

Tycho Andersen (2):
seccomp: add a return code to trap to userspace
samples: add an example of seccomp user trap
Documentation/ioctl/ioctl-number.txt | 1 +
.../userspace-api/seccomp_filter.rst | 66 +++
include/linux/seccomp.h | 7 +-
include/uapi/linux/seccomp.h | 35 +-
kernel/seccomp.c | 475 +++++++++++++++++-
samples/seccomp/.gitignore | 1 +
samples/seccomp/Makefile | 7 +-
samples/seccomp/user-trap.c | 345 +++++++++++++
tools/testing/selftests/seccomp/foo | 106 ++++
tools/testing/selftests/seccomp/seccomp_bpf.c | 355 ++++++++++++-
10 files changed, 1387 insertions(+), 11 deletions(-)
create mode 100644 samples/seccomp/user-trap.c
create mode 100644 tools/testing/selftests/seccomp/foo
--
2.17.1