diff options
| author | Kees Cook <keescook@chromium.org> | 2017-08-03 00:00:40 +0200 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-08-14 22:46:42 +0200 |
| commit | deb4de8b31bc5bf21efb6ac31150a01a631cd647 (patch) | |
| tree | 71ba73a95233cd80446c01105e5242598d22feb2 /Documentation/userspace-api | |
| parent | selftests/seccomp: Refactor RET_ERRNO tests (diff) | |
| download | linux-deb4de8b31bc5bf21efb6ac31150a01a631cd647.tar.xz linux-deb4de8b31bc5bf21efb6ac31150a01a631cd647.zip | |
seccomp: Provide matching filter for introspection
Both the upcoming logging improvements and changes to RET_KILL will need
to know which filter a given seccomp return value originated from. In
order to delay logic processing of result until after the seccomp loop,
this adds a single pointer assignment on matches. This will allow both
log and RET_KILL logic to work off the filter rather than doing more
expensive tests inside the time-critical run_filters loop.
Running tight cycles of getpid() with filters attached shows no measurable
difference in speed.
Suggested-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Diffstat (limited to 'Documentation/userspace-api')
0 files changed, 0 insertions, 0 deletions