On Thu, Sep 12, 2013 at 10:38:31AM +0200, Samuel Thibault wrote:
> Richard Braun, on Thu 12 Sep 2013 10:33:23 +0200, wrote:
> > Then why are we discussing interposing system calls?
>
> Because a malicious program can still use the trap to escape whatever
> cgroup system we are setting up.

I suggest we simply disable the trap versions... First, we don't use them, and second, I expect the improvement margin to be very low compared to the main performance issues we're facing currently. Finally, it simply goes against the principle of interface virtualization.

Personally, I'm not even comfortable with having any other system call than mach_msg, since even mach_xxx_self() could be implemented with it, e.g. as code simply returning a special port. This would also make the job of tracing tools much easier.

-- 
Richard Braun