[adding Kenton -- you do interesting things with seccomp, too]
On Mar 9, 2016 1:25 PM, "Kees Cook" wrote:
>
> On Wed, Mar 9, 2016 at 1:18 PM, Andy Lutomirski wrote:
> > On Wed, Mar 9, 2016 at 1:10 PM, Kees Cook wrote:
> >> On Wed, Mar 9, 2016 at 12:58 PM, Andy Lutomirski
> >> wrote:
> >>> On
On Wed, Mar 9, 2016 at 1:18 PM, Andy Lutomirski wrote:
> On Wed, Mar 9, 2016 at 1:10 PM, Kees Cook wrote:
>> On Wed, Mar 9, 2016 at 12:58 PM, Andy Lutomirski wrote:
>>> On Tue, Mar 8, 2016 at 12:40 PM, Chris Metcalf
>>> wrote:
On 03/07/2016 03:55 PM, Andy Lutomirski wrote:
>>>
>>>
On Wed, Mar 9, 2016 at 1:10 PM, Kees Cook wrote:
> On Wed, Mar 9, 2016 at 12:58 PM, Andy Lutomirski wrote:
>> On Tue, Mar 8, 2016 at 12:40 PM, Chris Metcalf wrote:
>>> On 03/07/2016 03:55 PM, Andy Lutomirski wrote:
>>
>> Let task isolation users who want to detect when they screw up and
On 3/9/2016 4:07 PM, Andy Lutomirski wrote:
On Wed, Mar 9, 2016 at 1:05 PM, Chris Metcalf wrote:
On 3/9/2016 3:58 PM, Andy Lutomirski wrote:
My preference would be not to have to require all task-isolation users
to also figure out all the complexities of creating BPF programs, so
my intention
On Wed, Mar 9, 2016 at 12:58 PM, Andy Lutomirski wrote:
> On Tue, Mar 8, 2016 at 12:40 PM, Chris Metcalf wrote:
>> On 03/07/2016 03:55 PM, Andy Lutomirski wrote:
>
> Let task isolation users who want to detect when they screw up and do
> >>a syscall do it with seccomp.
On Wed, Mar 9, 2016 at 1:05 PM, Chris Metcalf wrote:
> On 3/9/2016 3:58 PM, Andy Lutomirski wrote:
>>>
>>> My preference would be not to have to require all task-isolation users
>>> >to also figure out all the complexities of creating BPF programs, so
>>> >my intention is to have task isolation au
On 3/9/2016 3:58 PM, Andy Lutomirski wrote:
My preference would be not to have to require all task-isolation users
>to also figure out all the complexities of creating BPF programs, so
>my intention is to have task isolation automatically generate a BPF
>program (just allowing prctl/exit/exit_gro
On Tue, Mar 8, 2016 at 12:40 PM, Chris Metcalf wrote:
> On 03/07/2016 03:55 PM, Andy Lutomirski wrote:
Let task isolation users who want to detect when they screw up and do
>>a syscall do it with seccomp.
>>>
>>>
>>> >Can you give me more details on what you're imagining here? Reme
On 03/07/2016 03:55 PM, Andy Lutomirski wrote:
Let task isolation users who want to detect when they screw up and do
>>a syscall do it with seccomp.
>Can you give me more details on what you're imagining here? Remember
>that a key use case is that these applications can remove the syscall
>pro
On Mon, Mar 7, 2016 at 12:51 PM, Chris Metcalf wrote:
> On 03/03/2016 06:46 PM, Andy Lutomirski wrote:
>>
>> On Thu, Mar 3, 2016 at 11:52 AM, Chris Metcalf
>> wrote:
>>>
>>> On 03/02/2016 07:36 PM, Andy Lutomirski wrote:
On Mar 2, 2016 12:10 PM, "Chris Metcalf" wrote:
>
> In pr
On 03/03/2016 06:46 PM, Andy Lutomirski wrote:
On Thu, Mar 3, 2016 at 11:52 AM, Chris Metcalf wrote:
On 03/02/2016 07:36 PM, Andy Lutomirski wrote:
On Mar 2, 2016 12:10 PM, "Chris Metcalf" wrote:
In prepare_exit_to_usermode(), call task_isolation_ready()
when we are checking the thread-info
On Thu, Mar 3, 2016 at 11:52 AM, Chris Metcalf wrote:
> On 03/02/2016 07:36 PM, Andy Lutomirski wrote:
>>
>> On Mar 2, 2016 12:10 PM, "Chris Metcalf" wrote:
>>>
>>> In prepare_exit_to_usermode(), call task_isolation_ready()
>>> when we are checking the thread-info flags, and after we've handled
>
On 03/02/2016 07:36 PM, Andy Lutomirski wrote:
On Mar 2, 2016 12:10 PM, "Chris Metcalf" wrote:
In prepare_exit_to_usermode(), call task_isolation_ready()
when we are checking the thread-info flags, and after we've handled
the other work, call task_isolation_enter() unconditionally.
In syscall_
On Mar 2, 2016 12:10 PM, "Chris Metcalf" wrote:
>
> In prepare_exit_to_usermode(), call task_isolation_ready()
> when we are checking the thread-info flags, and after we've handled
> the other work, call task_isolation_enter() unconditionally.
>
> In syscall_trace_enter_phase1(), we add the necess
In prepare_exit_to_usermode(), call task_isolation_ready()
when we are checking the thread-info flags, and after we've handled
the other work, call task_isolation_enter() unconditionally.
In syscall_trace_enter_phase1(), we add the necessary support for
strict-mode detection of syscalls.
We add s
15 matches
Mail list logo
