path: root/samples/seccomp/.gitignore
author Tycho Andersen <tycho@tycho.ws> 2018-12-09 19:24:14 +0100
committer Kees Cook <keescook@chromium.org> 2018-12-12 01:32:11 +0100
commit fec7b6690541b8128663a13c9586b1daf42b0a6c (patch)
tree c5f07046f22b36ef62ff7cc02511acd0ace8ce9f /samples/seccomp/.gitignore
parent seccomp: add a return code to trap to userspace (diff)
samples: add an example of seccomp user trap
The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'samples/seccomp/.gitignore')
-rw-r--r-- samples/seccomp/.gitignore 1
1 files changed, 1 insertions, 0 deletions
diff --git a/samples/seccomp/.gitignore b/samples/seccomp/.gitignore
index 78fb78184291..d1e2e817d556 100644
--- a/samples/seccomp/.gitignore
+++ b/samples/seccomp/.gitignore
@@ -1,3 +1,4 @@
bpf-direct
bpf-fancy
dropper
+user-trap
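Review bot: the new `user-trap` entry on the last line of this hunk is unanchored, so it ignores any file or directory named user-trap anywhere below samples/seccomp/, not only a build output in this directory. That matches the style of the three existing entries, so it is consistent, but writing it as `/user-trap` would limit the match to this directory. This view is limited to .gitignore, so the build rule that produces a binary of this name is not visible here; the entry should be checked against the target name in the rest of the commit.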