Thread: 77 messages, 12 authors, 2011-05-29

[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

From: Ingo Molnar <hidden>
Date: 2011-05-12 10:49:16
Also in: linux-mips, linuxppc-dev

* Kees Cook [off-list ref] wrote:

> Hi,
>
> On Thu, May 12, 2011 at 09:48:50AM +0200, Ingo Molnar wrote:
> > 1) We already have a specific ABI for this: you can set filters for events via
> >    an event fd.
> >
> >    Why not extend that mechanism instead and improve *both* your sandboxing
> >    bits and the events code? This new seccomp code has a lot more
> >    to do with trace event filters than the minimal old seccomp code ...
>
> Would this require privileges to get the event fd to start with? [...]

No special privileges with the default perf_events_paranoid value.

> [...] If so, I would prefer to avoid that, since using prctl() as shown in
> the patch set won't require any privs.

and we could also explicitly allow syscall events without any privileges,
regardless of the setting of 'perf_events_paranoid' config value.

Obviously a sandboxing host process wants to run with as low privileges as it 
can.

Thanks,

	Ingo