* Markus Gutschke (顧孟勤) <[email protected]> wrote:
> On Wed, May 6, 2009 at 14:29, Ingo Molnar <[email protected]> wrote:
> > That's a pretty interesting usage. What would be fallback mode you
> > are using if the kernel doesnt have seccomp built in? Completely
> > non-sandboxed? Or a ptrace/PTRACE_SYSCALL based sandbox?
>
> Ptrace has performance and/or reliability problems when used to
> sandbox threaded applications due to potential race conditions
> when inspecting system call arguments. We hope that we can avoid
> this problem with seccomp. It is very attractive that kernel
> automatically terminates any application that violates the very
> well-defined constraints of the sandbox.
>
> In general, we are currently exploring different options based on
> general availability, functionality, and complexity of
> implementation. Seccomp is a good middle ground that we expect to
> be able to use in the medium term to provide an acceptable
> solution for a large segment of Linux users. Although the
> restriction to just four unfiltered system calls is painful.
Which other system calls would you like to use? Futexes might be
one, for fast synchronization primitives?
Ingo
_______________________________________________
Linuxppc-dev mailing list
[email protected]
https://ozlabs.org/mailman/listinfo/linuxppc-dev
