Re: [PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE

[RFC][PATCH 0/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16
[PATCH 1/8] selftests/seccomp: Improve calibration loop · Kees Cook <hidden> · 2020-06-16
[PATCH 5/8] selftests/seccomp: Compare bitmap vs filter overhead · Kees Cook <hidden> · 2020-06-16
[PATCH 8/8] [DEBUG] seccomp: Report bitmap coverage ranges · Kees Cook <hidden> · 2020-06-16
[PATCH 7/8] x86: Enable seccomp constant action bitmaps · Kees Cook <hidden> · 2020-06-16
[PATCH 6/8] x86: Provide API for local kernel TLB flushing · Kees Cook <hidden> · 2020-06-16
Re: [PATCH 6/8] x86: Provide API for local kernel TLB flushing · Andy Lutomirski <luto@kernel.org> · 2020-06-16
Re: [PATCH 6/8] x86: Provide API for local kernel TLB flushing · Kees Cook <hidden> · 2020-06-16
[PATCH 4/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Jann Horn <jannh@google.com> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Jann Horn <jannh@google.com> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Andy Lutomirski <luto@amacapital.net> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Dave Hansen <hidden> · 2020-06-16
Re: [PATCH 4/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16
[PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE · Kees Cook <hidden> · 2020-06-16
Re: [PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE · Andy Lutomirski <luto@amacapital.net> · 2020-06-16
Re: [PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE · Jann Horn <jannh@google.com> · 2020-06-17
Re: [PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE · Andy Lutomirski <luto@kernel.org> · 2020-06-17
Re: [PATCH 3/8] seccomp: Introduce SECCOMP_PIN_ARCHITECTURE · Jann Horn <jannh@google.com> · 2020-06-17
[PATCH 2/8] seccomp: Use pr_fmt · Kees Cook <hidden> · 2020-06-16
Re: [RFC][PATCH 0/8] seccomp: Implement constant action bitmaps · Andy Lutomirski <luto@kernel.org> · 2020-06-16
Re: [RFC][PATCH 0/8] seccomp: Implement constant action bitmaps · Kees Cook <hidden> · 2020-06-16

From: Andy Lutomirski <luto@amacapital.net>
Date: 2020-06-16 16:56:34
Also in: linux-security-module, lkml

On Tue, Jun 16, 2020 at 12:49 AM Kees Cook [off-list ref] wrote:

For systems that provide multiple syscall maps based on architectures
(e.g. AUDIT_ARCH_X86_64 and AUDIT_ARCH_I386 via CONFIG_COMPAT), allow
a fast way to pin the process to a specific syscall mapping, instead of
needing to generate all filters with an architecture check as the first
filter action.

Can you allow specification of the reject action?  I can see people
wanting TRAP instead, for example.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help