From: Aleksa Sarai <asarai@suse.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Tycho Andersen <tycho@tycho.ws>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Linux API <linux-api@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Akihiro Suda <suda.akihiro@lab.ntt.co.jp>,
Oleg Nesterov <oleg@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"Eric W . Biederman" <ebiederm@xmission.com>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH v6 4/5] seccomp: add support for passing fds via USER_NOTIF
Date: Thu, 13 Sep 2018 19:42:56 +1000 [thread overview]
Message-ID: <20180913094256.gpwrlu4gnjn6zyhn@mikami> (raw)
In-Reply-To: <CALCETrWZmN4FeCSwemfMeayupBmQ-NqpVWQuqSU34CLvzdx8gw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1712 bytes --]
On 2018-09-12, Andy Lutomirski <luto@amacapital.net> wrote:
> > The idea here is that the userspace handler should be able to pass an fd
> > back to the trapped task, for example so it can be returned from socket().
> >
> > I've proposed one API here, but I'm open to other options. In particular,
> > this only lets you return an fd from a syscall, which may not be enough in
> > all cases. For example, if an fd is written to an output parameter instead
> > of returned, the current API can't handle this. Another case is that
> > netlink takes as input fds sometimes (IFLA_NET_NS_FD, e.g.). If netlink
> > ever decides to install an fd and output it, we wouldn't be able to handle
> > this either.
>
> An alternative could be to have an API (an ioctl on the listener,
> perhaps) that just copies an fd into the tracee. There would be the
> obvious set of options: do we replace an existing fd or allocate a new
> one, and is it CLOEXEC. Then the tracer could add an fd and then
> return it just like it's a regular number.
>
> I feel like this would be more flexible and conceptually simpler, but
> maybe a little slower for the common cases. What do you think?
When we first discussed this I sent a (probably somewhat broken) patch
for "dup4" which would let you inject a file descriptor into a different
process -- I still think that having a method for injecting a file
descriptor without needing ptrace (and SCM_RIGHTS) shenanigans would be
generally useful. (With "dup4" you have a more obvious API for flags and
whether you allocate a new fd or use a specific one.)
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-09-13 9:41 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 15:28 [PATCH v6 0/5] seccomp trap to userspace Tycho Andersen
2018-09-06 15:28 ` [PATCH v6 1/5] seccomp: add a return code to " Tycho Andersen
2018-09-06 22:15 ` Tyler Hicks
2018-09-07 15:45 ` Tycho Andersen
2018-09-08 20:35 ` Tycho Andersen
2018-09-06 15:28 ` [PATCH v6 2/5] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE Tycho Andersen
2018-09-11 10:25 ` kbuild test robot
2018-09-11 10:25 ` kbuild test robot
2018-09-06 15:28 ` [PATCH v6 3/5] seccomp: add a way to get a listener fd from ptrace Tycho Andersen
2018-09-06 15:45 ` Jann Horn
2018-09-06 15:50 ` Tycho Andersen
2018-09-13 0:00 ` Andy Lutomirski
2018-09-13 9:24 ` Tycho Andersen
2018-10-17 7:25 ` Michael Tirado
2018-10-17 15:00 ` Tycho Andersen
[not found] ` <CAMkWEXM1c7AGTH=tpgoHtPnFFY-V+05nGOU90Sa1E3EPY9OhKQ@mail.gmail.com>
2018-10-17 18:15 ` Michael Tirado
2018-10-21 16:00 ` Tycho Andersen
2018-10-17 18:31 ` Kees Cook
2018-09-06 15:28 ` [PATCH v6 4/5] seccomp: add support for passing fds via USER_NOTIF Tycho Andersen
2018-09-06 16:15 ` Jann Horn
2018-09-06 16:22 ` Tycho Andersen
2018-09-06 18:30 ` Tycho Andersen
2018-09-10 17:00 ` Jann Horn
2018-09-11 20:29 ` Tycho Andersen
2018-09-12 23:52 ` Andy Lutomirski
2018-09-13 9:25 ` Tycho Andersen
2018-09-13 9:42 ` Aleksa Sarai [this message]
2018-09-19 9:55 ` Tycho Andersen
2018-09-19 14:19 ` Andy Lutomirski
2018-09-19 14:38 ` Tycho Andersen
2018-09-19 19:58 ` Andy Lutomirski
2018-09-20 23:42 ` Tycho Andersen
2018-09-20 23:42 ` Tycho Andersen
2018-09-21 2:18 ` Andy Lutomirski
2018-09-21 13:39 ` Tycho Andersen
2018-09-21 18:27 ` Andy Lutomirski
2018-09-21 22:03 ` Tycho Andersen
2018-09-21 20:46 ` Jann Horn
2018-09-25 12:53 ` Tycho Andersen
2018-09-06 15:28 ` [PATCH v6 5/5] samples: add an example of seccomp user trap Tycho Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180913094256.gpwrlu4gnjn6zyhn@mikami \
--to=asarai@suse.de \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=suda.akihiro@lab.ntt.co.jp \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.