Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp

From: Eyal Birger
Date: Thu Feb 06 2025 - 20:06:52 EST


On Thu, Feb 6, 2025 at 1:22 PM Kees Cook <kees@xxxxxxxxxx> wrote:
>
> On Sun, 02 Feb 2025 08:29:19 -0800, Eyal Birger wrote:
> > uretprobe(2) is a performance enhancement system call added to improve
> > uretprobes on x86_64.
> >
> > Confinement environments such as Docker are not aware of this new system
> > call and kill confined processes when uretprobes are attached to them.
> >
> > Since uretprobe is a "kernel implementation detail" system call which is
> > not used by userspace application code directly, pass this system call
> > through seccomp without forcing existing userspace confinement environments
> > to be changed.
> >
> > [...]
>
> With the changes I mentioned in each patch, I've applied this to
> for-next/seccomp, with the intention of getting them into v6.14-rc2.
>
> Thanks!

Thank you very much for your help.

Eyal.