On Fri, May 29, 2020 at 12:56:50AM -0700, Kees Cook wrote: > On Fri, May 29, 2020 at 09:51:37AM +0200, Christian Brauner wrote: > > Aside from this being not an issue now, can we please not dump seccomp > > filter contents in proc. That sounds terrible and what's the rationale, > > libseccomp already let's you dump filter contents while loading and you > > could ptrace it. But maybe I'm missing a giant need for this... > > The use-case comes from Android wanting to audit seccomp filters at > runtime. I think this is stalled until there is a good answer to "what > are you going to audit for, and how, given raw BPF?"
Doing this in proc seems very suboptimal why isn't this simply an extension to the seccomp syscall (passing in a struct with the target's pid or pidfd for example) to identify the target? But yeah, if there's no real audit strategy all of that seems weird. Christian
