LWN: Comments on "Checkpoint and restore for seccomp filters"
https://lwn.net/Articles/658422/
This is a special feed containing comments posted
to the individual LWN article titled "Checkpoint and restore for seccomp filters".
en-usSun, 09 Mar 2025 15:44:41 +0000Sun, 09 Mar 2025 15:44:41 +0000https://www.rssboard.org/rss-specificationlwn@lwn.netChanges to filter programs
https://lwn.net/Articles/659218/
https://lwn.net/Articles/659218/robbe<div class="FormattedComment">
<font class="QuotedText">> Restoring the hierarchy is needed so that changes to filter </font><br>
<font class="QuotedText">> programs properly propagate throughout the hierarchy tree. </font><br>
<p>
Wait! Does that mean that I can do:<br>
<p>
<parent> install filter F1<br>
<parent> fork()<br>
<child> install filter F2 ... I am now restricted by F1+F2<br>
<parent> replace F1 by F1'<br>
<br>
and have child be restricted by F1'+F2?<br>
<p>
Would that be an intentional feature and for what purpose? This spooky action at a distance leaves somewhat of a bad taste. But I guess it's not worse than a parent ptrace()ing its child...<br>
</div>
Mon, 05 Oct 2015 13:57:50 +0000pFad - Phonifier reborn
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.