[Virtio-fs] [PATCH] virtiofsd: conditional compile seccomp flag support
Eric Ren
renzhen at linux.alibaba.com
Thu Jul 11 12:49:51 UTC 2019
Hi,
On Thu, Jul 11, 2019 at 01:32:54PM +0100, Dr. David Alan Gilbert wrote:
> * Eric Ren (renzhen at linux.alibaba.com) wrote:
[...]
> > > Eithe rway, is it actually safe without this define -
> > Actually I don't know the exact effect of SCMP_FLTATR_CTL_TSYNC attr.
> > What if we gives a warning instead of error if failing to set it?
> >
> > > or does the thread
> > > which actually runs the work not get the support?
> >
> > Sorry, I fail to get your point here?
>
> I don't know seccomp that well (lets ask Stefan!), but my understanding
> of TSYNC is that it causes all threads to get the new seccomp rules
> not just the thread we're running in. So I'm worried that if we don't
> have TSYNC, some threads will run without the protection they need.
Thanks, I get it. On older kernel host, it has not this support so
I guess a warning message is the best we can do ;-)
Regards,
Eric
More information about the Virtio-fs
mailing list