Quoting Kees Cook (keesc...@chromium.org):
> It is currently impossible to examine the state of seccomp for
> a given process. While attaching with gdb and attempting "call
> prctl(PR_GET_SECCOMP,...)" will work with some situations, it is not
> reliable. If the process is in seccomp mode 1, this q
On Sat, Nov 3, 2012 at 4:51 AM, Vasiliy Kulikov wrote:
> On Thu, Nov 01, 2012 at 11:35 -0700, Kees Cook wrote:
>> @@ -327,6 +327,13 @@ static inline void task_cap(struct seq_file *m, struct
>> task_struct *p)
>> render_cap_t(m, "CapBnd:\t", &cap_bset);
>> }
>>
>> +static inline void task_s
On Thu, Nov 01, 2012 at 11:35 -0700, Kees Cook wrote:
> @@ -327,6 +327,13 @@ static inline void task_cap(struct seq_file *m, struct
> task_struct *p)
> render_cap_t(m, "CapBnd:\t", &cap_bset);
> }
>
> +static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
> +{
> +#ifd
It is currently impossible to examine the state of seccomp for
a given process. While attaching with gdb and attempting "call
prctl(PR_GET_SECCOMP,...)" will work with some situations, it is not
reliable. If the process is in seccomp mode 1, this query will kill the
process (prctl not allowed), if