LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

[Posted May 25, 2011 by corbet]

From:  Peter Zijlstra <peterz-AT-infradead.org>
To:  Ingo Molnar <mingo-AT-elte.hu>
Subject:  Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Date:  Wed, 25 May 2011 19:43:22 +0200
Message-ID:  <1306345402.21578.100.camel@twins>
Cc:  linux-mips-AT-linux-mips.org, linux-sh-AT-vger.kernel.org, Frederic Weisbecker <fweisbec-AT-gmail.com>, Heiko Carstens <heiko.carstens-AT-de.ibm.com>, Oleg Nesterov <oleg-AT-redhat.com>, David Howells <dhowells-AT-redhat.com>, Paul Mackerras <paulus-AT-samba.org>, Eric Paris <eparis-AT-redhat.com>, "H. Peter Anvin" <hpa-AT-zytor.com>, sparclinux-AT-vger.kernel.org, Jiri Slaby <jslaby-AT-suse.cz>, linux-s390-AT-vger.kernel.org, Russell King <linux-AT-arm.linux.org.uk>, x86-AT-kernel.org, James Morris <jmorris-AT-namei.org>, Linus Torvalds <torvalds-AT-linux-foundation.org>, Ingo Molnar <mingo-AT-redhat.com>, Benjamin Herrenschmidt <benh-AT-kernel.crashing.org>, kees.cook-AT-canonical.com, "Serge E. Hallyn" <serge-AT-hallyn.com>, Steven Rostedt <rostedt-AT-goodmis.org>, Martin Schwidefsky <schwidefsky-AT-de.ibm.com>, Thomas Gleixner <tglx-AT-linutronix.de>, linux-arm-kernel <linux-arm-kernel-AT-lists.infradead.org>, Michal Marek <mmarek@s
Archive-link:  Article, Thread 

On Wed, 2011-05-25 at 17:01 +0200, Ingo Molnar wrote:
> > We do _NOT_ make any decision based on the trace point so what's the
> > "pre-existing" active role in the syscall entry code?
> 
> The seccomp code we are discussing in this thread. 

That isn't pre-existing, that's proposed.

But face it, you can argue until you're blue in the face, but both tglx
and I will NAK any and all patches that extend perf/ftrace beyond the
passive observing role.

Your arguments appear to be as non-persuasive to us as ours are to you,
so please drop this endeavor and let the security folks sort it on their
own and let's get back to doing useful work.
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds