Re: Crash when attaching uretprobes to processes running in Docker

From: Alexei Starovoitov
Date: Wed Jan 15 2025 - 12:56:35 EST


On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> Or we can change __secure_computing() to do nothing if
> this_syscall == __NR_uretprobe.

I think that's the best way forward.
seccomp already allowlists sigreturn syscall.
uretprobe syscall is in the same category.
See __secure_computing_strict.