1. 12 Dec, 2018 1 commit
    • Tycho Andersen's avatar
      samples: add an example of seccomp user trap · fec7b669
      Tycho Andersen authored
      The idea here is just to give a demonstration of how one could safely use
      the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular
      policy is (as noted in the comment) not very interesting, but it serves to
      illustrate how one might apply a policy dodging the various TOCTOU issues.
      Signed-off-by: default avatarTycho Andersen <tycho@tycho.ws>
      CC: Kees Cook <keescook@chromium.org>
      CC: Andy Lutomirski <luto@amacapital.net>
      CC: Oleg Nesterov <oleg@redhat.com>
      CC: Eric W. Biederman <ebiederm@xmission.com>
      CC: "Serge E. Hallyn" <serge@hallyn.com>
      CC: Christian Brauner <christian@brauner.io>
      CC: Tyler Hicks <tyhicks@canonical.com>
      CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      fec7b669
  2. 28 Jun, 2012 1 commit