[Top] [All Lists]

Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole

To: Markus Gutschke (顧孟勤) <>
Subject: Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole
From: Ingo Molnar <>
Date: Wed, 6 May 2009 23:54:50 +0200
Cc: Linus Torvalds <>, Roland McGrath <>, Andrew Morton <>,,,,,,
In-reply-to: <>
Original-recipient: rfc822;
References: <> <> <alpine.LFD.2.00.0902271932520.3111@localhost.localdomain> <alpine.LFD.2.00.0902271948570.3111@localhost.localdomain> <> <alpine.LFD.2.00.0902280916470.3111@localhost.localdomain> <> <> <>
User-agent: Mutt/1.5.18 (2008-05-17)
* Markus Gutschke (顧孟勤) <> wrote:

> On Wed, May 6, 2009 at 14:29, Ingo Molnar <> wrote:
> > That's a pretty interesting usage. What would be fallback mode you
> > are using if the kernel doesnt have seccomp built in? Completely
> > non-sandboxed? Or a ptrace/PTRACE_SYSCALL based sandbox?
> Ptrace has performance and/or reliability problems when used to 
> sandbox threaded applications due to potential race conditions 
> when inspecting system call arguments. We hope that we can avoid 
> this problem with seccomp. It is very attractive that kernel 
> automatically terminates any application that violates the very 
> well-defined constraints of the sandbox.
> In general, we are currently exploring different options based on 
> general availability, functionality, and complexity of 
> implementation. Seccomp is a good middle ground that we expect to 
> be able to use in the medium term to provide an acceptable 
> solution for a large segment of Linux users. Although the 
> restriction to just four unfiltered system calls is painful.

Which other system calls would you like to use? Futexes might be 
one, for fast synchronization primitives?


<Prev in Thread] Current Thread [Next in Thread>