On Thu, May 26, 2016 at 12:49:13AM -0700, Dan Kaminsky wrote:
> So I'm curious. There is another option -- seccomp-bpf can trap on
> arbitrary syscalls. Is there a reason anyone sees why UML couldn't be
> routed through it?
You need to be able to annull system calls. Dunno if seccomp can do
Hello!
So I've been spending some time in UML (among other virtualization
technologies). There's some interesting security and performance models it
possibly allows, even in this era of containers and hypervisors. Ptrace is
being something of a problem though; it's a little hairy and difficul
