OSDN Git Service

samples: add an example of seccomp user trap
author Tycho Andersen <tycho@tycho.ws>
Sun, 9 Dec 2018 18:24:14 +0000 (11:24 -0700)
committer Kees Cook <keescook@chromium.org>
Wed, 12 Dec 2018 00:32:11 +0000 (16:32 -0800)
commit fec7b6690541b8128663a13c9586b1daf42b0a6c
tree c5f07046f22b36ef62ff7cc02511acd0ace8ce9f
parent 6a21cc50f0c7f87dae5259f6cfefe024412313f6
samples: add an example of seccomp user trap

The idea here is just to give a demonstration of how one could safely use
the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular
policy is (as noted in the comment) not very interesting, but it serves to
illustrate how one might apply a policy dodging the various TOCTOU issues.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>
samples/seccomp/.gitignore
samples/seccomp/Makefile
samples/seccomp/user-trap.c [new file with mode: 0644]