
Seccomp filters for multi-threaded programs

Posted Jun 2, 2014 17:34 UTC (Mon) by jhoblitt (subscriber, #77733)
Parent article: Seccomp filters for multi-threaded programs

Does using seccomp mean paying the cost of checking syscall calls twice? Once by seccomp and then again by SELinux?



Seccomp filters for multi-threaded programs

Posted Jun 2, 2014 19:47 UTC (Mon) by kees (subscriber, #27264) [Link]

LSMs (like SELinux) do not actually check syscalls. They do policy management at a higher level via the various "LSM hooks". The performance impact of the checks would add since they're in different areas of code with very different policy processing.

