Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit ce6526e8 authored by Kees Cook's avatar Kees Cook
Browse files

seccomp: recheck the syscall after RET_TRACE 


When RET_TRACE triggers, a tracer may change a syscall into something that
should be filtered by seccomp. This re-runs seccomp after a trace event
to make sure things continue to pass.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
parent 8112c4f1
Hide whitespace changes
Inline Side-by-side
Showing
with 18 additions and 3 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals