Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262349AbTIZPSc (ORCPT ); Fri, 26 Sep 2003 11:18:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262352AbTIZPSc (ORCPT ); Fri, 26 Sep 2003 11:18:32 -0400 Received: from citi.umich.edu ([141.211.92.141]:62264 "EHLO citi.umich.edu") by vger.kernel.org with ESMTP id S262349AbTIZPS3 (ORCPT ); Fri, 26 Sep 2003 11:18:29 -0400 Date: Fri, 26 Sep 2003 11:18:27 -0400 From: Joe McClain To: Linux Kernel Mailing List Subject: Re: Syscall security Message-ID: <20030926151827.GA25361@umich.edu> Mail-Followup-To: Linux Kernel Mailing List References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org * Maciej Zenczykowski [030926 10:06]: > Hi, > > I'm wondering if there is any way to provide per process bitmasks of > available/illegal syscalls. Obviously this should most likely be > inherited through exec/fork. > > For example specyfying that pid N should return -ENOSYS on all syscalls > except read/write/exit. Look at Systrace. http://www.citi.umich.edu/u/provos/systrace/ - Joe - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/