Sargun Dhillon <sar...@sargun.me> writes:

> This adds a seccomp notifier ioctl which allows for the listener to "add"
> file descriptors to a process which originated a seccomp user
> notification. This allows calls like mount, and mknod to be "implemented",
> as the return value, and the arguments are data in memory. On the other
> hand, calls like connect can be "implemented" using pidfd_getfd.
>
> Unfortunately, there are calls which return file descriptors, like
> open, which are vulnerable to TOC-TOU attacks, and require that the
> more privileged supervisor can inspect the argument, and perform the
> syscall on behalf of the process generating the notification. This
> allows the file descriptor generated from that open call to be
> returned to the calling process.
>
> In addition, there is functionality to allow for replacement of
> specific file descriptors, following dup2-like semantics.
>
> Signed-off-by: Sargun Dhillon <sar...@sargun.me>
> Suggested-by: Matt Denton <mpden...@google.com>
> Cc: Kees Cook <keesc...@google.com>,
> Cc: Jann Horn <ja...@google.com>,
> Cc: Robert Sesek <rse...@google.com>,
> Cc: Chris Palmer <pal...@google.com>
> Cc: Christian Brauner <christian.brau...@ubuntu.com>
> Cc: Tycho Andersen <ty...@tycho.ws>
> ---
Thanks, this is a really useful feature.

Tested-by: Giuseppe Scrivano <gscri...@redhat.com>
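A worked illustration of the supervisor flow the quoted commit message describes for open-style calls: trap openat(2) with SECCOMP_RET_USER_NOTIF, copy the pathname out of the target's memory, apply policy and confirm with SECCOMP_IOCTL_NOTIF_ID_VALID that the target is still blocked on that request, perform the open in the supervisor, and hand the resulting descriptor to the target with SECCOMP_IOCTL_NOTIF_ADDFD. This is an added example, not code from the patch, from the kernel tree or from any of the people on the thread. It assumes a Linux 5.9 or later kernel with /proc mounted, fetches the listener with pidfd_getfd (as the message suggests for connect-like calls) instead of passing it over a socket, and the temp file, the pipe protocol between parent and child, the "/tmp-only" policy and the fallback definitions for older headers are all constructed for the demo.

```c
/* Added example (not from the patch or the kernel tree): ADDFD supervisor for a trapped openat(2). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SECCOMP_IOCTL_NOTIF_ADDFD          /* pre-5.9 UAPI headers: same layout and number as the kernel's */
struct seccomp_notif_addfd { __u64 id; __u32 flags, srcfd, newfd, newfd_flags; };
#define SECCOMP_IOCTL_NOTIF_ADDFD _IOW('!', 3, struct seccomp_notif_addfd)
#endif
#ifndef SYS_pidfd_getfd                    /* glibc built against pre-5.6 headers */
#define SYS_pidfd_open 434
#define SYS_pidfd_getfd 438
#endif

/* Target side: route every openat(2) to the supervisor (a real filter checks arch too). */
static int install_filter(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
}

/* Supervisor: answer one notification; returns 0 when an fd was injected into the target. */
static int supervise_one(int listener) {
    struct seccomp_notif req = {0};        /* RECV rejects a non-zeroed struct */
    struct seccomp_notif_resp resp = {0};
    struct seccomp_notif_addfd addfd = {0};
    char path[256], memname[64]; ssize_t n = -1; int memfd, fd, target_fd;
    if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req) < 0) return -1;
    resp.id = addfd.id = req.id;
    /* Copy the pathname out of the target's memory: the copy is what gets checked and opened. */
    snprintf(memname, sizeof(memname), "/proc/%d/mem", (int)req.pid);
    if ((memfd = open(memname, O_RDONLY)) >= 0) {
        n = pread(memfd, path, sizeof(path) - 1, (off_t)req.data.args[1]);
        close(memfd);
    }
    if (n > 0) path[n] = '\0';             /* strlen == n means no NUL was read: truncated */
    /* Demo policy: files below /tmp only, no "..", and the target must still be blocked on this request. */
    if (n <= 0 || strlen(path) == (size_t)n || req.data.nr != __NR_openat ||
        strncmp(path, "/tmp/", 5) != 0 || strstr(path, "..") != NULL ||
        ioctl(listener, SECCOMP_IOCTL_NOTIF_ID_VALID, &req.id) < 0) {
        resp.error = -EACCES;
    } else if ((fd = open(path, O_RDONLY | O_CLOEXEC)) < 0) {
        resp.error = -errno;
    } else {
        addfd.srcfd = fd;                  /* our fd, duplicated into the target */
        addfd.newfd_flags = O_CLOEXEC;     /* flags == 0: lowest free number, like open(2) */
        target_fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
        close(fd);
        if (target_fd < 0) resp.error = -errno;
        else resp.val = target_fd;         /* becomes the target's openat() return value */
    }
    ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp);
    return resp.error == 0 ? 0 : -1;
}

/* Fork a target that opens a constructed temp file through the supervisor; 0 when it read the right file. */
int run_demo(void) {
    char tmpl[] = "/tmp/addfd-demo-XXXXXX", got[4] = {0};
    int up[2], tfd, lfd, pidfd = -1, listener = -1, rc = -1;
    pid_t child;
    if ((tfd = mkstemp(tmpl)) < 0 || write(tfd, "ok\n", 3) != 3 || close(tfd) < 0 || pipe(up) < 0) return -1;
    if ((child = fork()) == 0) {
        char buf[16]; ssize_t n; int fd;
        close(up[0]);
        lfd = install_filter();
        if (write(up[1], &lfd, sizeof(lfd)) != sizeof(lfd) || lfd < 0) _exit(1);
        fd = (int)syscall(SYS_openat, AT_FDCWD, tmpl, O_RDONLY);   /* blocks until the supervisor answers */
        if (fd < 0) _exit(2);
        n = read(fd, buf, sizeof(buf));
        _exit(n > 0 && write(up[1], buf, (size_t)n) == n ? 0 : 3);
    }
    close(up[1]);
    if (child < 0 || read(up[0], &lfd, sizeof(lfd)) != sizeof(lfd) || lfd < 0) goto out;
    if ((pidfd = (int)syscall(SYS_pidfd_open, child, 0)) >= 0)   /* grab the listener via pidfd_getfd */
        listener = (int)syscall(SYS_pidfd_getfd, pidfd, lfd, 0);
    if (listener >= 0 && supervise_one(listener) == 0 && read(up[0], got, 3) == 3)
        rc = memcmp(got, "ok\n", 3) == 0 ? 0 : -1;
out:
    if (rc != 0 && child > 0) kill(child, SIGKILL);   /* never leave a target blocked forever */
    if (listener >= 0) close(listener);
    if (pidfd >= 0) close(pidfd);
    close(up[0]);
    if (child > 0) waitpid(child, NULL, 0);
    unlink(tmpl);
    return rc;
}
```

Compile with gcc as an unprivileged user and call run_demo(); it returns 0 when the target's read of the injected descriptor yields the content the supervisor opened. The point of the commit message shows up in supervise_one: the pathname is copied out of the target once, the policy and the ID_VALID check run on that copy, and what the target receives is the descriptor from the supervisor's own open(), so there is no window between the check and the use in which the target could swap the argument.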