alistair23-linux

redonkable

alistair23-linux

Fork 0

Commit Graph

Author	SHA1	Message	Date
Tycho Andersen	fec7b66905	samples: add an example of seccomp user trap The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by: Tycho Andersen <tycho@tycho.ws> CC: Kees Cook <keescook@chromium.org> CC: Andy Lutomirski <luto@amacapital.net> CC: Oleg Nesterov <oleg@redhat.com> CC: Eric W. Biederman <ebiederm@xmission.com> CC: "Serge E. Hallyn" <serge@hallyn.com> CC: Christian Brauner <christian@brauner.io> CC: Tyler Hicks <tyhicks@canonical.com> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Signed-off-by: Kees Cook <keescook@chromium.org>	2018-12-11 16:32:11 -08:00

Author

SHA1

Message

Date

Tycho Andersen

fec7b66905

samples: add an example of seccomp user trap

The idea here is just to give a demonstration of how one could safely use
the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular
policy is (as noted in the comment) not very interesting, but it serves to
illustrate how one might apply a policy dodging the various TOCTOU issues.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>

2018-12-11 16:32:11 -08:00

1 Commits (84242b82d81c54e009a2aaa74d3d9eff70babf56)