User: Password:
|
|
Subscribe / Log in / New account

Re: [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works.

From:  "Serge E. Hallyn" <serge-AT-hallyn.com>
To:  Ingo Molnar <mingo-AT-elte.hu>
Subject:  Re: [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works.
Date:  Thu, 28 Apr 2011 12:43:34 -0500
Message-ID:  <20110428174334.GB25940@hallyn.com>
Cc:  Will Drewry <wad-AT-chromium.org>, linux-kernel-AT-vger.kernel.org, kees.cook-AT-canonical.com, eparis-AT-redhat.com, agl-AT-chromium.org, jmorris-AT-namei.org, rostedt-AT-goodmis.org, Randy Dunlap <rdunlap-AT-xenotime.net>, Linus Torvalds <torvalds-AT-linux-foundation.org>, Andrew Morton <akpm-AT-linux-foundation.org>, Tom Zanussi <tzanussi-AT-gmail.com>, =?iso-8859-1?Q?Fr=E9d=E9ric?= Weisbecker <fweisbec-AT-gmail.com>, Arnaldo Carvalho de Melo <acme-AT-redhat.com>, Peter Zijlstra <a.p.zijlstra-AT-chello.nl>, Thomas Gleixner <tglx-AT-linutronix.de>
Archive-link:  Article

Quoting Ingo Molnar (mingo@elte.hu):
> I've Cc:-ed Linus and Andrew: are you guys opposed to such flexible, dynamic 
> filters conceptually? I think we should really think hard about the actual ABI 
> as this could easily spread to more applications than Chrome/Chromium.

We want to use it for containers, to try and provide some bit of
mitigation for the fact that they are sharing a kernel with the host.

thanks,
-serge


(Log in to post comments)


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds