APPLIED: [Precise][Pull Request] SECCOMP mode 2, BPF

Kees Cook kees at ubuntu.com
Fri Mar 23 06:14:12 UTC 2012


Hi,

On Thu, Mar 22, 2012 at 01:43:57PM -0500, Will Drewry wrote:
> On Thu, Mar 22, 2012 at 8:07 AM, Tim Gardner <tim.gardner at canonical.com> wrote:
> > On 03/21/2012 02:35 PM, Kees Cook wrote:
> >> On Wed, Mar 21, 2012 at 02:28:33PM -0600, Tim Gardner wrote:
> >>> Applied for now pending Leann's opinion. I've made a first pass review.
> >>> Some of it is a bit dense. I'll have another look tomorrow.
> >>
> >> Thanks! I'm happy to field any questions about it, if that helps, and
> >> if I can't answer them, I'm sure Will can. :)
> >
> > So I guess it got uploaded. How about a quick description of how to
> > utilize the seccomp filter?
> > [...]
> > In the meantime I guess I'll go read the seccomp patch to the
> > Documentation directory.
> 
> If the docs can be made more coherent, I'm more than happy to change them up.

I've put together a little tutorial (with working code samples) on using
basic syscall filtering via seccomp filter here:

http://outflux.net/teach-seccomp/

-Kees

-- 
Kees Cook




More information about the kernel-team mailing list