Re: [PATCH v9 08/10] open: openat2(2) syscall

[PATCH v9 00/10] namei: openat2(2) path resolution restrictions · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Aleksa Sarai <hidden> · 2019-07-06
Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Aleksa Sarai <hidden> · 2019-07-12
Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 01/10] namei: obey trailing magic-link DAC permissions · Aleksa Sarai <hidden> · 2019-07-14
[PATCH v9 02/10] procfs: switch magic-link modes to be more sane · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 03/10] open: O_EMPTYPATH: procfs-less file descriptor re-opening · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 04/10] namei: split out nd->dfd handling to dirfd_path_init · Aleksa Sarai <hidden> · 2019-07-06
Re: [PATCH v9 04/10] namei: split out nd->dfd handling to dirfd_path_init · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 04/10] namei: split out nd->dfd handling to dirfd_path_init · Aleksa Sarai <hidden> · 2019-07-12
Re: [PATCH v9 04/10] namei: split out nd->dfd handling to dirfd_path_init · Aleksa Sarai <hidden> · 2019-07-12
[PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-06
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-13
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-14
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-16
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-14
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-14
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-18
Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags · Aleksa Sarai <hidden> · 2019-07-14
[PATCH v9 06/10] namei: LOOKUP_IN_ROOT: chroot-like path resolution · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 07/10] namei: aggressively check for nd->root escape on ".." resolution · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 08/10] open: openat2(2) syscall · Aleksa Sarai <hidden> · 2019-07-06
Re: [PATCH v9 08/10] open: openat2(2) syscall · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2019-07-18
Re: [PATCH v9 08/10] open: openat2(2) syscall · Aleksa Sarai <hidden> · 2019-07-18
Re: [PATCH v9 08/10] open: openat2(2) syscall · Arnd Bergmann <arnd@arndb.de> · 2019-07-18
Re: [PATCH v9 08/10] open: openat2(2) syscall · Aleksa Sarai <hidden> · 2019-07-18
Re: [PATCH v9 08/10] open: openat2(2) syscall · Arnd Bergmann <arnd@arndb.de> · 2019-07-18
Re: [PATCH v9 08/10] open: openat2(2) syscall · Dmitry V. Levin <hidden> · 2019-07-19
Re: [PATCH v9 08/10] open: openat2(2) syscall · Christian Brauner <christian@brauner.io> · 2019-07-19
Re: [PATCH v9 08/10] open: openat2(2) syscall · Dmitry V. Levin <hidden> · 2019-07-19
Re: [PATCH v9 08/10] open: openat2(2) syscall · Aleksa Sarai <hidden> · 2019-07-19
[PATCH v9 09/10] kselftest: save-and-restore errno to allow for %m formatting · Aleksa Sarai <hidden> · 2019-07-06
[PATCH v9 10/10] selftests: add openat2(2) selftests · Aleksa Sarai <hidden> · 2019-07-06
Re: [PATCH v9 10/10] selftests: add openat2(2) selftests · Michael Ellerman <mpe@ellerman.id.au> · 2019-07-08
Re: [PATCH v9 10/10] selftests: add openat2(2) selftests · Aleksa Sarai <hidden> · 2019-07-08
Re: [PATCH v9 00/10] namei: openat2(2) path resolution restrictions · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-12
Re: [PATCH v9 00/10] namei: openat2(2) path resolution restrictions · Aleksa Sarai <hidden> · 2019-07-12

From: Christian Brauner <christian@brauner.io>
Date: 2019-07-19 10:29:57
Also in: linux-alpha, linux-api, linux-arch, linux-arm-kernel, linux-fsdevel, linux-kselftest, linux-mips, linux-s390, linux-sh, lkml, sparclinux

On Fri, Jul 19, 2019 at 05:12:18AM +0300, Dmitry V. Levin wrote:

On Thu, Jul 18, 2019 at 11:29:50PM +0200, Arnd Bergmann wrote:
[...]

quoted

5. you get the same problem with seccomp and strace that
   clone3() has -- these and others only track the register
   arguments by default.

Just for the record, this is definitely not the case for strace:
it decodes arrays, structures, netlink messages, and so on by default.

There sure is value in trying to design syscalls that can be handled
nicely by seccomp but that shouldn't become a burden on designing
extensible syscalls.
I suggested a session for Ksummit where we can discuss if and how we can
make seccomp more compatible with pointer-args in syscalls.

Christian

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help