LWN: Comments on "Yet another new approach to seccomp"
https://lwn.net/Articles/475043/
This is a special feed containing comments posted
to the individual LWN article titled "Yet another new approach to seccomp".
en-usFri, 04 Oct 2024 08:38:13 +0000Fri, 04 Oct 2024 08:38:13 +0000https://www.rssboard.org/rss-specification[email protected]Yet another new approach to seccomp
https://lwn.net/Articles/507890/
https://lwn.net/Articles/507890/jamesmorris<div class="FormattedComment">
All great ideas seem "obvious" after the fact.<br>
<p>
It's an inspired work of engineering.<br>
<p>
<p>
</div>
Tue, 24 Jul 2012 06:51:31 +0000architecture independent seccomp policies
https://lwn.net/Articles/507116/
https://lwn.net/Articles/507116/pcmoore<div class="FormattedComment">
See libseccomp -> <a href="https://lwn.net/Articles/494252">https://lwn.net/Articles/494252</a><br>
</div>
Tue, 17 Jul 2012 18:34:22 +0000architecture independent seccomp policies
https://lwn.net/Articles/499774/
https://lwn.net/Articles/499774/whacker<div class="FormattedComment">
How does this stop implementing syscalls in their own code?<br>
</div>
Fri, 01 Jun 2012 16:57:03 +0000Yet another new approach to seccomp
https://lwn.net/Articles/475569/
https://lwn.net/Articles/475569/Cyberax<div class="FormattedComment">
/me runs away screaming<br>
</div>
Sun, 15 Jan 2012 22:17:53 +0000Yet another new approach to seccomp
https://lwn.net/Articles/475546/
https://lwn.net/Articles/475546/liljencrantzYou mean like <a href="http://mail-index.netbsd.org/tech-kern/2010/10/05/msg008900.html">Lunatik</a>, the Lua interpreter embedded in the NetBSD kernel?Sun, 15 Jan 2012 10:20:11 +0000Yet another new approach to seccomp
https://lwn.net/Articles/475325/
https://lwn.net/Articles/475325/ebiederm<div class="FormattedComment">
BPF is nice because it is trivial to verify and does not allow backwards branches.<br>
<p>
It seems an obvious choice of scripting engine for filtering to me.<br>
</div>
Fri, 13 Jan 2012 01:32:07 +0000Yet another new approach to seccomp
https://lwn.net/Articles/475228/
https://lwn.net/Articles/475228/Cyberax<div class="FormattedComment">
That's quite a bit of lateral thinking!<br>
<p>
So, when are we going to see kernel-mode JavaScript interpreter? :)<br>
</div>
Thu, 12 Jan 2012 17:44:58 +0000architecture independent seccomp policies
https://lwn.net/Articles/475107/
https://lwn.net/Articles/475107/scottt<div class="FormattedComment">
It seems clear that a small library that knows the syscall calling convention would be highly desirable to go along with this so that security policies can be expressed in an architecture independent way.<br>
<p>
</div>
Thu, 12 Jan 2012 04:03:48 +0000