Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp

From: Jiri Olsa
Date: Fri Feb 07 2025 - 08:24:20 EST

Next message: Daniel Almeida: "Re: [PATCH v6 2/3] rust: io: mem: add a generic iomem abstraction"
Previous message: Quentin Monnet: "Re: [PATCH bpf-next v1 0/1] Using the right format specifiers for bpftool"
In reply to: Eyal Birger: "Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp"
Next in thread: Jann Horn: "Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 06, 2025 at 05:06:29PM -0800, Eyal Birger wrote:
> On Thu, Feb 6, 2025 at 1:22 PM Kees Cook <kees@xxxxxxxxxx> wrote:
> >
> > On Sun, 02 Feb 2025 08:29:19 -0800, Eyal Birger wrote:
> > > uretprobe(2) is an performance enhancement system call added to improve
> > > uretprobes on x86_64.
> > >
> > > Confinement environments such as Docker are not aware of this new system
> > > call and kill confined processes when uretprobes are attached to them.
> > >
> > > Since uretprobe is a "kernel implementation detail" system call which is
> > > not used by userspace application code directly, pass this system call
> > > through seccomp without forcing existing userspace confinement environments
> > > to be changed.
> > >
> > > [...]
> >
> > With the changes I mentioned in each patch, I've applied this to
> > for-next/seccomp, with the intention of getting them into v6.14-rc2.
> >
> > Thanks!
>
> Thank you very much for your help.

great!

thanks,
jirka

Next message: Daniel Almeida: "Re: [PATCH v6 2/3] rust: io: mem: add a generic iomem abstraction"
Previous message: Quentin Monnet: "Re: [PATCH bpf-next v1 0/1] Using the right format specifiers for bpftool"
In reply to: Eyal Birger: "Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp"
Next in thread: Jann Horn: "Re: [PATCH v3 0/2] seccomp: pass uretprobe system call through seccomp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]