Hey everyone,
This is the patchset coming out of the KSummit session Kees and I gave in Lisbon last week (cf. [3] which also contains slides with more details on related things such as deep argument inspection). The simple idea is to extend the seccomp notifier to allow for the continuation of a syscall. The rationale for this can be found in the commit message to [1]. For the curious there is more detail in [2]. This patchset would unblock supervising an extended set of syscalls such as mount() where a privileged process is supervising the syscalls of a lesser privileged process and emulates the syscall for the latter in userspace. For more comments on security see [1].
Thanks! Christian
/* References */ [1]: [PATCH 1/4] seccomp: add SECCOMP_RET_USER_NOTIF_ALLOW [2]: https://lore.kernel.org/r/20190719093538.dhyopljyr5ns33qx@brauner.io [3]: https://linuxplumbersconf.org/event/4/contributions/560
Christian Brauner (4): seccomp: add SECCOMP_RET_USER_NOTIF_ALLOW seccomp: add two missing ptrace ifdefines seccomp: avoid overflow in implicit constant conversion seccomp: test SECCOMP_RET_USER_NOTIF_ALLOW
include/uapi/linux/seccomp.h | 2 + kernel/seccomp.c | 24 +++- tools/testing/selftests/seccomp/seccomp_bpf.c | 110 +++++++++++++++++- 3 files changed, 131 insertions(+), 5 deletions(-)