Deferring seccomp decisions to user space
Posted Jun 2, 2018 16:42 UTC (Sat) by skx (subscriber, #14652)
Parent article: Deferring seccomp decisions to user space
I have to say I'm interested in seeing how this turns out - at least partially because I wrote a Linux security module which defers checks for exec calls to user-space. The code is reasonably clean, and the overhead of having to exec a user-space binary is essentially unnoticed.
The code is here:
BPF has so many uses, and I'm loving the way it is becoming better documented, and more useful. I'm sure it is only a matter of time before it is invoked by Linux security modules.
