Re: [PATCH] seccomp: Add pkru into seccomp_data

Andy Lutomirski Thu, 25 Oct 2018 17:50:26 -0700

> On Oct 25, 2018, at 5:35 PM, Kees Cook <[email protected]> wrote:
> 
>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski <[email protected]> 
>> wrote:
>> You could bite the bullet and add seccomp eBPF support :)
> 
> I'm not convinced this is a good enough reason for gaining the eBPF
> attack surface yet.
> 
> 

Is it an interesting attack surface?  It’s certainly scarier if you’re worried 
about attacks from the sandbox creator, but the security inside the sandbox 
should be more or less equivalent, no?

Re: [PATCH] seccomp: Add pkru into seccomp_data

Reply via email to