New issue
Advanced search Search tips

Issue 681802 link

Starred by 2 users
Status: Assigned
Owner:
ljusten@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

authpolicy: Make seccomp filters more stringent

Project Member Reported by ljusten@chromium.org, Jan 17 2017 
We used to run Samba binaries without minijail preload librart. CL:427705 fixed that. Now seccomp filters can be made more stringent since less code runs inside seccomp.

The following syscalls are candidates for removal (from an early test). Be careful not to introduce regression, though!

- arch_prctl
- brk
- execve
- getrlimit
- mprotect
- stat
- rt_sigaction
- rt_sigprocmask
- set_robust_list
- set_tid_address

Comment 1 by tnagel@chromium.org, Jan 31 2017

Labels: CodeHealth

Comment 2 by tnagel@chromium.org, Jan 31 2017

Summary: authpolicy: Make seccomp filters more stringent (was: Make seccomp filters more stringent.)

Comment 3 by ljusten@chromium.org, May 22 2017

Labels: -Pri-2 Pri-3

Comment 4 by ljusten@chromium.org, Jun 29 2017

Labels: -CodeHealth -M-58 -V2 Enterprise-Triaged

Comment 5 by ljusten@chromium.org, Feb 1 2018

Labels: Backlog

Sign in to add a comment