Deferring seccomp decisions to user space [LWN.net]

Deferring seccomp decisions to user space

Posted Jun 2, 2018 13:04 UTC (Sat) by brauner (subscriber, #109349)
Parent article: Deferring seccomp decisions to user space

This is a much needed patchset and I'm really happy that since the first design discussions
at Plumbers last year it has seen rapid development thanks to Tycho. No one has really done
a lot of bikeshedding on it which is great!
It seems that people didn't really notice how much use cases this will enable once this is merged.
If I were one of gvisor guys I'd take a very close look at this patchset and whether it'd be possible
to kick out ptrace.
It's excellent that we've managed to decouple this from the ebpf seccomp patchset. The last step
is to hopefully not tie this to netlink as this looks like a lot of protocol for not much gain in this
case. But we'll see.

to post comments

Deferring seccomp decisions to user space

Posted Jun 3, 2018 13:11 UTC (Sun) by jhoblitt (subscriber, #77733) [Link] (2 responses)

The "gain" of using netlink is a standard client lib, such as libnl, could be used instead of every service having a custom interface with semantics that evolve differently than other kernel interfaces over time. Imagine what the state of interoperability would be if most "ReSTful" web APIs used a custom serialization format instead of JSON?

Deferring seccomp decisions to user space

Posted Sep 14, 2018 13:32 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (1 responses)

Well, that'd work if Go projects weren't so intent on not using *any* non-Go code in their stacks…</snark>

To not make this just a snark, I'll add a data point. I've seen git-lfs not want to fork out to Git for things like `remote get-url` and rather re-implement `insteadOf` and `pushInsteadOf` yet again. And so git-lfs is still broken with alias remote URLs that differ in push and pull. Attribute reading is also broken in the case of user "[attr]" attributes. Yes, both have issues filed (and I don't know Go (yet?) well enough to fix it myself).

I believe the *only* thing they fork for is to find out the version of Git used elsewhere. There might be one or two more instances as well, but they're of a similar level of actual functionality sharing.

Deferring seccomp decisions to user space

Posted Sep 14, 2018 14:46 UTC (Fri) by zlynx (guest, #2285) [Link]

I implemented a Go netlink reader for connection tracking. It wasn't hard for the most part (I do wish someone had explicitly written a few comments about data alignment instead of making it implicitly hidden in macros if I remember correctly).

I do wish that the netlink formats were better documented.

Calling C code from Go causes all sorts of complex interactions with the green threads and garbage collection so it is not a good idea to casually link into CGo.