2

Suppose we have a program spawner that is used to launch other programs with a seccomp filter. If one wants to deny the use of execve in app, could this be achieved by applying the filter to a thread within spawner and then spawner execves into app with the filter applied to app? If that won't work, then is there some other way that would?

Improve this question
3
  • Why not apply the filter just after fork(), before you exec()? Commented Apr 26, 2024 at 6:14
  • @TobySpeight Because a filter that denies execve will deny execve. Commented Apr 26, 2024 at 15:58
  • Oh, I see. Of course! Commented Apr 26, 2024 at 16:12
Related questions
1273
Defining a variable with or without export
2
Install seccomp filter in child
3
Why does loading seccomp filter affect permitted and effective capability set?
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.