From: Christian Brauner <christian@brauner.io>
To: James Morris <jmorris@namei.org>
Cc: mic@digikod.net, ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [TECH TOPIC] seccomp
Date: Sat, 20 Jul 2019 09:41:11 +0200 [thread overview]
Message-ID: <E90059DC-B0EA-4519-99E5-CD9DD600B4D0@brauner.io> (raw)
In-Reply-To: <alpine.LRH.2.21.1907201715420.26406@namei.org>
On July 20, 2019 9:23:33 AM GMT+02:00, James Morris <jmorris@namei.org> wrote:
>On Fri, 19 Jul 2019, Christian Brauner wrote:
>
>> There is a close connection between 1. and 2. When a watcher
>intercepts
>> a syscall from a watchee and starts to inspect its arguments it can -
>> depending on the syscall rather often actually - determine whether or
>> not the syscall would succeed or fail. If it knows that the syscall
>will
>> succeed it currently still has to perform it in lieu of the watchee
>> since there is no way to tell the kernel to "resume" or actually
>perform
>> the syscall. It would be nice if we could discuss approaches to
>enabling
>> this feature as well.
>
>Landlock is exploring userspace access control via the seccomp
>syscall with ebpf, but from within the same process:
>
>https://landlock.io/
>
>It may be worth investigating whether Landlock could be extended to a
>split watcher/watchee model.
Certainly a valid point but...
I don't want to rely on landlock for this.
First, no one knows if and when it will ever land.
Second, seccomp is the go-to sandboxing solution for a lot of userspace already.
Often used without a full LSM.
Third, syscall interception to me is seccomp territory. :)
That's to say I'd like seccomp to have this feature *natively* and ideally not tied to
a complete LSM that needs to be merged for this. :)
Christian
next prev parent reply other threads:[~2019-07-20 7:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-19 9:35 [Ksummit-discuss] [TECH TOPIC] seccomp Christian Brauner
2019-07-19 12:32 ` Andy Lutomirski
2019-07-20 3:18 ` Kees Cook
2019-08-14 17:54 ` Andy Lutomirski
2019-08-15 17:48 ` Kees Cook
2019-08-15 18:26 ` Andy Lutomirski
2019-08-15 18:31 ` Christian Brauner
2019-08-15 19:21 ` Andy Lutomirski
2019-07-20 7:23 ` James Morris
2019-07-20 7:41 ` Christian Brauner [this message]
2019-07-25 14:18 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E90059DC-B0EA-4519-99E5-CD9DD600B4D0@brauner.io \
--to=christian@brauner.io \
--cc=jmorris@namei.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).