On Fri, Sep 04, 2015 at 01:26:42PM -0700, Kees Cook wrote: > On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen > <tycho.ander...@canonical.com> wrote: > > This patch adds a way for a process that is "real root" to access the > > seccomp filters of another process. The process first does a > > PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter > > attached, and then iterates on this with PTRACE_SECCOMP_NEXT_FILTER using > > bpf(BPF_PROG_DUMP) to dump the actual program at each step. > > Why is this a new ptrace interface instead of a new seccomp interface? > I would expect this to only be valid for "current", otherwise we could > run into races as the ptracee adds filters. i.e. it is not safe to > examine seccomp filters from tasks other than current.
same question. I thought we discussed to add a command to seccomp() syscall for that? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
