Re: [PATCH 4/7] seccomp_filter: add process state reporting
[Posted May 4, 2011 by jake]
From: KOSAKI Motohiro <kosaki.motohiro-AT-jp.fujitsu.com>
To: Will Drewry <wad-AT-chromium.org>
Subject: Re: [PATCH 4/7] seccomp_filter: add process state reporting
Date: Thu, 28 Apr 2011 12:21:45 +0900 (JST)
Message-ID: <20110428122334.D197.A69D9226@jp.fujitsu.com>
Cc: kosaki.motohiro-AT-jp.fujitsu.com, linux-kernel-AT-vger.kernel.org,
    kees.cook-AT-canonical.com, eparis-AT-redhat.com, agl-AT-chromium.org,
    mingo-AT-elte.hu, jmorris-AT-namei.org, rostedt-AT-goodmis.org,
    Andrew Morton <akpm-AT-linux-foundation.org>,
    Alexey Dobriyan <adobriyan-AT-gmail.com>,
    David Howells <dhowells-AT-redhat.com>,
    Al Viro <viro-AT-zeniv.linux.org.uk>,
    David Rientjes <rientjes-AT-google.com>,
    Stephen Wilson <wilsons-AT-start.ca>
> Adds seccomp and seccomp_filter status reporting to proc.
> /proc/<pid>/status will include a Seccomp field, and
> /proc/<pid>/seccomp_filter will provide read-only access
> to the current filter and bitmask set for seccomp_filters.
>
> Signed-off-by: Will Drewry <wad@chromium.org>
> ---
> fs/proc/array.c | 21 +++++++++++++++++++++
> fs/proc/base.c | 25 +++++++++++++++++++++++++
> 2 files changed, 46 insertions(+), 0 deletions(-)

I'm not against seccomp_filter, but I dislike increasing the /proc/<pid>/status mess.
1) It's read by a lot of applications, and I don't want to worry about the
performance thing. 2) 99.99% of users never use seccomp; this field is useless for them.

Can't you make an individual seccomp-specific file?