seccomp: Provide matching filter for introspection - linux-dev - Linux kernel development work

diff options

author	Kees Cook <keescook@chromium.org>	2017-08-02 15:00:40 -0700
committer	Kees Cook <keescook@chromium.org>	2017-08-14 13:46:42 -0700
commit	deb4de8b31bc5bf21efb6ac31150a01a631cd647 (patch)
tree	71ba73a95233cd80446c01105e5242598d22feb2 /Documentation/sysctl
parent	selftests/seccomp: Refactor RET_ERRNO tests (diff)
download	linux-dev-deb4de8b31bc5bf21efb6ac31150a01a631cd647.tar.xz linux-dev-deb4de8b31bc5bf21efb6ac31150a01a631cd647.zip

seccomp: Provide matching filter for introspection

Both the upcoming logging improvements and changes to RET_KILL will need to know which filter a given seccomp return value originated from. In order to delay logic processing of result until after the seccomp loop, this adds a single pointer assignment on matches. This will allow both log and RET_KILL logic to work off the filter rather than doing more expensive tests inside the time-critical run_filters loop. Running tight cycles of getpid() with filters attached shows no measurable difference in speed. Suggested-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

Diffstat (limited to 'Documentation/sysctl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: