> * Adrian Drzewiecki (z@private) wrote: > > > But what is wrong with the audit subsystem that is already in the kernel > > > tree? It should provide for this kind of notification, right? > > It only does notification. I belive Adrian's goals are to drop invalid > syscall requests on the floor and return. > > > There is nothing wrong with the audit subsystem. The only problem that > > I have is the lack of system-call sandboxing in LSM. > > We intentionally chose a lower level for interposition. For purely > disabling syscalls, was there a problem with Andrea's work? > > thanks, > -chris Chris, Last I checked, Andrea's patch has a fixed array of permitted syscalls. I would like more flexibility than that. Perhaps I should've based my work on his, and created a security_seccomp() call instead? Or maybe security_syscall_enter() and security_syscall_exit() ? (btw, Andrea's seccomp patch can be viewed at http://www.kernel.org/pub/linux/kernel/people/andrea/patches/v2.6/2.6.9-rc4/seccomp) -Adrian
This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 12:00:16 PST