mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-24 03:48:46 +07:00
58d0a862f5
One problem with seccomp was that ptrace could be used to change a syscall after seccomp filtering had completed. This was a well documented limitation, and it was recommended to block ptrace when defining a filter to avoid this problem. This can be quite a limitation for containers or other places where ptrace is desired even under seccomp filters. This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@kernel.org> |
||
---|---|---|
.. | ||
fault-injection | ||
ktest | ||
nvdimm | ||
radix-tree | ||
selftests |