lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Mon, 07 Feb 2011 13:26:09 +0100
From:	Peter Zijlstra <>
To:	Stefan Fritsch <>
Cc:	Frederic Weisbecker <>,
	Eric Paris <>, Ingo Molnar <>,
	Masami Hiramatsu <>,,,,
	Jason Baron <>,
	Mathieu Desnoyers <>,,
	Steven Rostedt <>,
	Arnaldo Carvalho de Melo <>,
	Thomas Gleixner <>,
	James Morris <>
Subject: Re: Using ftrace/perf as a basis for generic seccomp

On Sat, 2011-02-05 at 12:51 +0100, Stefan Fritsch wrote:

> A really major use case is socketcall(2). All socket related syscalls 
> (accept, bind, connect, receivemsg, ...) are implemented as socketcall 
> with an appropriate argument. There will be many cases where you want a 
> sandboxed process to be able to do recvmsg(2) to receive new file 
> descriptors over an already open unix-domain socket from a broker process. 
> But you may want to disallow other socket operations, especially listen, 
> accept, and connect.
> Of course one could also add some special case handling for socketcall 
> in seccomp instead of using the full filtering.

That looks like a perfect use-case for the LSM bits, attach some state
to both the fd object and the task object and if they don't match, don't
allow the action.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists