[PATCH RFC 2/2] seccomp: implement SECCOMP_FILTER_FLAG_NO_INHERITANCE
Dmitry V. Levin
ldv at altlinux.org
Mon Nov 18 19:11:29 UTC 2019
On Mon, Nov 18, 2019 at 08:02:48PM +0100, Paul Chaignon wrote:
> On Mon, Nov 18, 2019 at 09:39:41PM +0300, Dmitry V. Levin wrote:
[...]
> > Why can't we have only some of seccomp filters to be NO_FORK_INHERIT'ed?
>
> If we have filter list f1->nf2->f3, with only nf2 NO_FORK_INHERIT'ed, we
> would need to make a copy of at least f1 upon forking to rewrite its .prev
> pointer to point to f3 directly. Currently, children get a reference to
> the list, there's no need for any filter copy.
OK, we might need to make a copy, is it a problem?
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20191118/ba4b7d12/attachment.bin>
More information about the Strace-devel
mailing list