Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Wed Dec 08 2004 - 12:09:02 PST

* Adrian Drzewiecki (z@private) wrote:
> Last I checked, Andrea's patch has a fixed array of permitted syscalls. I 
> would like more flexibility than that. Perhaps I should've based my work 
> on his, and created a security_seccomp() call instead? Or maybe 
> security_syscall_enter() and security_syscall_exit() ?

It's fixed, but can be set per process, and could be extended by either
adding new modes, and changing the way you define which syscalls are
allowed.  I'd rather not introduce syscall filtering into LSM unless
there's large demand for it.  There's too many potential problems with
syscall interposition.  How flexible do you want, and what are your

Linux Security Modules

This archive was generated by hypermail 2.1.3 : Wed Dec 08 2004 - 12:09:19 PST