Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

On Sep 11, 2015 9:44 AM, "Tycho Andersen" wrote: > > On Fri, Sep 11, 2015 at 09:20:55AM -0700, Andy Lutomirski wrote: > > On Sep 10, 2015 5:22 PM, "Tycho Andersen" > > wrote: > > > > > > This patch adds a way for a process that is "real root" to access the > > > seccomp filters of another proces

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

On Fri, Sep 11, 2015 at 09:20:55AM -0700, Andy Lutomirski wrote: > On Sep 10, 2015 5:22 PM, "Tycho Andersen" > wrote: > > > > This patch adds a way for a process that is "real root" to access the > > seccomp filters of another process. The process first does a > > PTRACE_SECCOMP_GET_FILTER_FD to

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

On Sep 10, 2015 5:22 PM, "Tycho Andersen" wrote: > > This patch adds a way for a process that is "real root" to access the > seccomp filters of another process. The process first does a > PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter > attached, and then iterates on t

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

On Fri, Sep 11, 2015 at 01:47:38PM +0200, Daniel Borkmann wrote: > On 09/11/2015 02:21 AM, Tycho Andersen wrote: > >This patch adds a way for a process that is "real root" to access the > >seccomp filters of another process. The process first does a > >PTRACE_SECCOMP_GET_FILTER_FD to get an fd with

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

Hi Michael, On Fri, Sep 11, 2015 at 02:08:50PM +0200, Michael Kerrisk (man-pages) wrote: > HI Tycho > > On 11 September 2015 at 02:21, Tycho Andersen > wrote: > > This patch adds a way for a process that is "real root" to access the > > seccomp filters of another process. The process first does

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

HI Tycho On 11 September 2015 at 02:21, Tycho Andersen wrote: > This patch adds a way for a process that is "real root" to access the > seccomp filters of another process. The process first does a > PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter > attached, and then i

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

On 09/11/2015 02:21 AM, Tycho Andersen wrote: This patch adds a way for a process that is "real root" to access the seccomp filters of another process. The process first does a PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter attached, and then iterates on this with PTR

[PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

This patch adds a way for a process that is "real root" to access the seccomp filters of another process. The process first does a PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process' seccomp filter attached, and then iterates on this with PTRACE_SECCOMP_NEXT_FILTER using bpf(BPF_PROG_DUMP)