From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
Subject: Re: [RFC 0/3] seccomp trap to userspace
Date: Fri, 16 Mar 2018 09:01:47 -0700
Message-ID: <D73E5C37-DC92-4D58-A163-0B20143AAEEB__21205.6520548233$1521215999$gmane$org@amacapital.net>
References: <20180204104946.25559-1-tycho@tycho.ws>
	<20180315160924.GA12744@gmail.com>
	<CALCETrVnvbZLx5v=DMu2N1JtR+ys507X5CYBi-qQnus3VMQdwg@mail.gmail.com>
	<20180315170509.GA32766@mail.hallyn.com>
	<CALCETrXPcCNbpFJhXktkVS9gOPpmnU_bbY6Z8RrsBarq0dP4Lg@mail.gmail.com>
	<20180315173524.k7vwnvnhomg2j5yv@smitten>
	<CALCETrWH7HbY2gS6O_cYKfp9QqqWBWVcHb++GaP3uUiSO9oo6g@mail.gmail.com>
	<20180316144751.GA3304@mailbox.org>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
In-Reply-To: <20180316144751.GA3304-cl+VPiYnx/1AfugRpC6u6w@public.gmane.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/containers>,
	<mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/containers/>
List-Post: <mailto:containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
List-Help: <mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/containers>,
	<mailto:containers-request-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org?subject=subscribe>
Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
To: Christian Brauner <christian.brauner-cl+VPiYnx/1AfugRpC6u6w@public.gmane.org>
Cc: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>, Linux Containers <containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>, LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, Akihiro Suda <suda.akihiro-Zyj7fXuS5i5L9jVzuh4AOg@public.gmane.org>, Christian Brauner <christian.brauner-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>, "Eric W . Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>, Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>, Tyler Hicks <tyhicks-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>, Alexei Starovoitov <alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
List-Id: containers.vger.kernel.org

Cgo+IE9uIE1hciAxNiwgMjAxOCwgYXQgNzo0NyBBTSwgQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlz
dGlhbi5icmF1bmVyQG1haWxib3gub3JnPiB3cm90ZToKPiAKPj4gT24gRnJpLCBNYXIgMTYsIDIw
MTggYXQgMTI6NDY6NTVBTSArMDAwMCwgQW5keSBMdXRvbWlyc2tpIHdyb3RlOgoKCkkgYmV0IEkg
Y29uZnVzZWQgZXZlcnlvbmUgd2l0aCBhIGJsYXRhbnQgdHlwbzoKCj4+IAo+PiBIbW0sIEkgdGhp
bmsgd2UgaGF2ZSB0byBiZSB2ZXJ5IGNhcmVmdWwgdG8gYXZvaWQgbmFzdHkgcmFjZXMuICBJIHRo
aW5rCj4+IHRoZSBjb3JyZWN0IGFwcHJvYWNoIGlzIHRvIG5vdGljZSB0aGUgc2lnbmFsIGFuZCBz
ZW5kIGEgbWVzc2FnZSB0byB0aGUKPj4gbGlzdGVuZXIgdGhhdCBhIHNpZ25hbCBpcyBwZW5kaW5n
IGJ1dCB0byB0YWtlIG5vIGFkZGl0aW9uYWwgYWN0aW9uLgo+PiBJZiB0aGUgaGFuZGxlciBlbmRz
IHVwIGNvbXBsZXRpbmcgdGhlIHN5c2NhbGwgd2l0aCBhIHN1Y2Nlc3NmdWwKPj4gcmV0dXJuLCB3
ZSBkb24ndCB3YW50IHRvIHJlcGxhY2UgaXQgd2l0aCAtRUlOVFIuICBJT1cgdGhlIGNvZGUgbG9v
a3MKPj4ga2luZCBvZiBsaWtlOgo+PiAKPj4gc2VuZF90b19saXN0ZW5lcigiaGV5IEkgZ290IGEg
c2lnbmFsIik7CgpUaGF0IHNob3VsZCBiZSDigJxoZXkgSSBnb3QgYSBzeXNjYWxs4oCdLiAgIETi
gJlvaCEKCj4+IHdhaXRfcmV0ID0gd2FpdF9pbnRlcnJ1cHRpYmxlIGZvciB0aGUgbGlzdGVuZXIg
dG8gcmVwbHk7Cj4+IGlmICh3YWl0X3JldCA9PSAtRUlOVFIpIHsKPiAKPiBIbSwgc28gZnJvbSB0
aGUgcHNldWRvLWNvZGUgaXQgbG9va3MgbGlrZTogVGhlIGhhbmRsZXIgd291bGQgaW5mb3JtIHRo
ZQo+IGxpc3RlbmVyIHRoYXQgaXQgcmVjZWl2ZWQgYSBzaWduYWwgKGVpdGhlciBmcm9tIHRoZSBz
eXNjYWxsIHJlcXVlc3RlciBvcgo+IGZyb20gc29tZXdoZXJlIGVsc2UpIGFuZCB0aGVuIHdhaXQg
Zm9yIHRoZSBsaXN0ZW5lciB0byByZXBseSB0byB0aGF0Cj4gbWVzc2FnZS4gIFRoaXMgd291bGQg
YWxsb3cgdGhlIGxpc3RlbmVyIHRvIGRlY2lkZSB3aGF0IGFjdGlvbiBpdCB3YW50cwo+IHRoZSBo
YW5kbGVyIHRvIHRha2UgYmFzZWQgb24gdGhlIHNpZ25hbCwgaS5lLiBlaXRoZXIgY2FuY2VsIHRo
ZSByZXF1ZXN0Cj4gb3IgcmV0cnk/ICBUaGUgY29tbWVudCBtYWtlcyBpdCBzb3VuZCBsaWtlIHRo
YXQgdGhlIGhhbmRsZXIgZG9lc24ndAo+IHJlYWxseSB3YWl0IG9uIHRoZSBsaXN0ZW5lciB3aGVu
IGl0IHJlY2VpdmVzIGEgc2lnbmFsIGl0IHNpbXBseSBtb3Zlcwo+IG9uLgoKSXQga2VlcHMgd2Fp
dGluZyBraWxsYWJseSBidXQgbm90IGludGVycnVwdGlibHkuIAoKPiBTbyBubyAidGFraW5nIG5v
IGFkZGl0aW9uYWwgYWN0aW9uIiBoZXJlIG1lYW5zIG5vdCBoYXZlIHRoZSBoYW5kbGVyCj4gZGVj
aWRlIHRvIGFib3J0IGJ1dCB0aGUgbGlzdGVuZXI/CgpJZiBieSDigJxoYW5kbGVy4oCdIHlvdSBt
ZWFuIGtlcm5lbCwgdGhlbiB5ZXMuIAoKVGhlcmXigJlzIG5vIHVzZXJzcGFjZSBzeXNjYWxsIGhh
bmRsZXIgaW52b2x2ZWQuIEZyb20gdGhlIGtlcm5lbOKAmXMgcGVyc3BlY3RpdmUsIGEgc3lzY2Fs
bCBpcyBuZXZlciBzdGlsbCBpbiBwcm9ncmVzcyB3aGVuIGEgc2lnbmFsIGhhbmRsZXIgaXMgaW52
b2tlZCDigJQgd2Ugb25seSBhY3R1YWxseSBpbnZva2Ugc3lzY2FsbCBoYW5kbGVycyBpbiBwcmVw
YXJlX2V4aXRfdG9fdXNlcm1vZGUoKSBvciB0aGUgbm9uLXg4NiBlcXVpdmFsZW50IGFuZCB0aGUg
ZnVuY3Rpb25zIGl0IGNhbGxzLiBXaGlsZSBhIHN5c2NhbGwgaXMgcnVubmluZywgdGhlIGtlcm5l
bCBtaWdodCBub3RpY2UgdGhhdCBhIHNpZ25hbCBpcyBwZW5kaW5nIGFuZCBkbyBvbmUgb2YgYSBm
ZXcgdGhpbmdzOgoKMS4gSnVzdCBrZWVwIGdvaW5nLiBOb3QgYWxsIHN5c2NhbGxzIGNhbiBiZSBp
bnRlcnJ1cHRlZC4gCgoyLiBUcnkgdG8gZmluaXNoIGVhcmx5LiBJZiBhIHNlbmQoKSBjYWxsIGhh
cyBhbHJlYWR5IHNlbnQgc29tZSBidXQgbm90IGFsbCBkYXRhLCBpdCBjYW4gc3RvcCB3YWl0aW5n
IGFuZCByZXR1cm4gdGhlIG51bWJlciBvZiBieXRlcyBzZW50LgoKMy4gQWJvcnQgd2l0aCAtRUlO
VFIuCgo0LiBBYm9ydCB3aXRoIC1FUkVTVEFSVFNZUyBvciBvbmUgb2YgaXRzIHJlbGF0aXZlcy4g
VGhlc2UgZmlkZGxlIHdpdGggdXNlciByZWdpc3RlcnMgaW4gYSBzb21ld2hhdCB1bnBsZWFzYW50
IHdheSB0byBwcmV0ZW5kIHRoYXQgdGhlIHN5c2NhbGwgbmV2ZXIgYWN0dWFsbHkgaGFwcGVuZWQu
ICBUaGlzIHdvcmtzIGZvciBzeXNjYWxscyB0aGF0IHdhaXQgd2l0aCBhbiBhYnNvbHV0ZSB0aW1l
b3V0LCBmb3IgZXhhbXBsZS4gCgo1LiBTZXQgdXAgcmVzdGFydF9zeXNjYWxsKCkgbWFnaWMsIHJl
d3JpdGUgcmVncyBzbyBpdCBsb29rcyBsaWtlIHRoZSB1c2VyIHdhcyBhYm91dCB0byBjYWxsIHJl
c3RhcnRfc3lzY2FsbCgpIHdoZW4gdGhlIHNpZ25hbCBoYXBwZW5lZCwgYW5kIGFib3J0LiAKCklu
IGFsbCBjYXNlcywgdGhlIHNpZ25hbCBpcyBkZWFsdCB3aXRoIGFmdGVyd2FyZHMuIFRoaXMgY291
bGQgcmVzdWx0IGluIGNoYW5naW5nIHJlZ3MgdG8gY2FsbCB0aGUgaGFuZGxlciBvciBpbiBzaW1w
bHkgcmV0dXJuaW5nLiAKCjEtMyBzaG91bGQgd29yayBmdWxseSBpbiBzZWNjb21wLiBUaGUgb25s
eSBpc3N1ZSBpcyB0aGF0IHRoZSBrZXJuZWwgZG9lc27igJl0IGtub3cgKndoaWNoKiB0byBkbywg
bm9yIGNhbiB0aGUga2VybmVsIGZvcmNlIHRoZSBsaXN0ZW5lciB0byBhYm9ydCBjbGVhbmx5LCBz
byBJIHRoaW5rIHdlIGhhdmUgIG5vIHJlYWwgY2hvaWNlIGJ1dCB0byBsZXQgdGhlIGxpc3RlbmVy
IGRlY2lkZS4gCgo0IGNvdWxkIGJlIHN1cHBvcnRlZCBqdXN0IGxpa2UgMS0zLiA1IGlzIGF3ZnVs
LCBhbmQgSSBkb27igJl0IHRoaW5rIHdlIHNob3VsZCBzdXBwb3J0IGl0IGZvciB1c2VyIGxpc3Rl
bmVycy4gCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkNv
bnRhaW5lcnMgbWFpbGluZyBsaXN0CkNvbnRhaW5lcnNAbGlzdHMubGludXgtZm91bmRhdGlvbi5v
cmcKaHR0cHM6Ly9saXN0cy5saW51eGZvdW5kYXRpb24ub3JnL21haWxtYW4vbGlzdGluZm8vY29u
dGFpbmVycw==