Re: [PATCH v2] seccomp: passthrough uretprobe systemcall without filtering
From: Eyal Birger
Date: Sun Feb 02 2025 - 11:28:39 EST
On Sun, Feb 2, 2025 at 3:08 AM Jiri Olsa <olsajiri@xxxxxxxxx> wrote:
>
> On Thu, Jan 30, 2025 at 10:53:47PM +0100, Jiri Olsa wrote:
>
> SNIP
>
> > > > > I think this would mean that this test suite would need to run as
> > > > > privileged. Is that Ok? or maybe it'd be better to have a new suite?
> > > > >
> > > > > > With at least these cases combinations below. Check each of:
> > > > > >
> > > > > > - not using uretprobe passes
> > > > > > - using uretprobe passes (and validates that uretprobe did work)
> > > > > >
> > > > > > in each of the following conditions:
> > > > > >
> > > > > > - default-allow filter
> > > > > > - default-block filter
> > > > > > - filter explicitly blocking __NR_uretprobe and nothing else
> > > > > > - filter explicitly allowing __NR_uretprobe (and only other
> > > > > > required syscalls)
> > > > >
> > > > > Ok.
> > > >
> > > > please let me know if I can help in any way with tests
> > >
> > > Thanks! Is there a way to partition this work? I'd appreciate the help
> > > if we can find some way of doing so.
> >
> > sure, I'll check the seccomp selftests and let you know
>
> hi,
> if it's any help, feel free to use the code below that creates uretprobe,
> it could be bit simpler if we use libbpf, but I think that's not an option
Thank you very much!
Eyal.