Re: [RFC PATCH v3 2/3] seccomp: add kernel-installed pinned-memfd redirect

From: Kees Cook

Date: Tue Jun 23 2026 - 15:11:26 EST


On Tue, Jun 23, 2026 at 12:02:32PM -0700, Andy Lutomirski wrote:
> I'm really not convinced that the min is needed to preserve any useful
> behavior. But Kees is very conservative about these things, with good
> reason.

What is going to use this feature? I'd rather not try to have a USER_NOTIF
security boundary since there are so many corner cases.

--
Kees Cook