* Kees Cook <[email protected]> wrote:
> Hi,
>
> On Thu, May 12, 2011 at 09:48:50AM +0200, Ingo Molnar wrote:
> > 1) We already have a specific ABI for this: you can set filters for events
> > via
> > an event fd.
> >
> > Why not extend that mechanism instead and improve *both* your sandboxing
> > bits and the events code? This new seccomp code has a lot more
> > to do with trace event filters than the minimal old seccomp code ...
>
> Would this require privileges to get the event fd to start with? [...]
No special privileges with the default perf_events_paranoid value.
> [...] If so, I would prefer to avoid that, since using prctl() as shown in
> the patch set won't require any privs.
and we could also explicitly allow syscall events without any privileges,
regardless of the setting of 'perf_events_paranoid' config value.
Obviously a sandboxing host process wants to run with as low privileges as it
can.
Thanks,
Ingo
_______________________________________________
Linuxppc-dev mailing list
[email protected]
https://lists.ozlabs.org/listinfo/linuxppc-dev
