RFE: implement range checks #94
Comments
This was referenced Sep 10, 2017
topimiettinen
added a commit
to topimiettinen/libseccomp
that referenced
this issue
Sep 17, 2017
Add ops for checking whether arguments are in a specified range,
optionally negated and/or with mask: SCMP_CMP_{MASKED_}{NOT_}IN_RANGE.
Closes: seccomp#94
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
This was referenced Aug 19, 2020
|
In an effort to get v2.6.0 out sooner than later, I'm going to suggest we push this out to v2.7.0; if you have any concerns or objections please drop a comment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please add support for checking (preferrably multiple and masked) range(s) of values. For example in systemd (systemd/systemd#6256) we'd like to construct a filter which only allows
personality(2)with following use cases:personality(0xffffffff)to query personalitypersonality(PER_LINUX)(orpersonality(PER_LINUX32)) for effectively no change to current personalitywhile blocking all other cases.
This could be implemented with new (optionally masked and/or negated) compare operations with multiple ranges complemented with a negative check:
SCMP_CMP_MASKED_INRANGE, SCMP_CMP_MASKED_NOTINRANGE, SCMP_CMP_INRANGEandSCMP_CMP_NOTINRANGE.#44 may be related.
The text was updated successfully, but these errors were encountered: