A wrapper for the SECCOMP Notify interface.
Implementation
This implementation does not make any assumptions about how you get the SECCOMP FD. However, there are some considerations you should take into account:
- SECCOMP applies across threads. If you place the monitor in a separate thread, which makes sending the FD easy, the monitor will be confined by the very policy it is monitoring. This can deadlock: the monitor issues a syscall, the kernel emits a notification for that syscall, and the monitor cannot handle the notification because it is itself blocked waiting for the syscall to return.
- FDs can be passed across a socket, but you cannot get the SECCOMP FD until you have loaded the filter. This means you need to ensure that the syscalls used to send the FD (connect, sendmsg, etc.) are not sent to the notifier, which does not have the SECCOMP FD yet. fd_socket provides functions to send and receive an FD between processes. See antimony-monitor, and Antimony as a whole, for how to notify safely (Hint: notify all syscalls except those needed to send the FD, which are instead logged on Audit, with a separate thread reading the log).
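The FD-passing step described above, as an added example in C rather than the crate's own fd_socket code: one descriptor is sent over a UNIX socket with SCM_RIGHTS and received as a new descriptor on the other side. The function names (send_fd, recv_fd, fd_passing_roundtrip) are this example's own, and the self-check passes a pipe rather than a real SECCOMP FD so it runs without loading a filter; in a real monitor setup the sending side already runs under the filter, so sendmsg and friends must not be among the notified syscalls.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Send one fd over a UNIX socket; returns 0 on success, -1 on error.
 * Under a notify filter this sendmsg must be allowed (or audited), not notified. */
int send_fd(int sock, int fd) {
    char data = 'F';                       /* SCM_RIGHTS needs >= 1 byte of payload */
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);               /* zero padding so the kernel sees a clean cmsg */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one fd; returns the new descriptor (CLOEXEC set), or -1 on error. */
int recv_fd(int sock) {
    char data;
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    /* Reject anything that is not exactly one SCM_RIGHTS descriptor. */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Self-check (constructed): pass the read end of a pipe across a socketpair and
 * read through the received copy. Returns 1 if the data round-trips, else 0. */
int fd_passing_roundtrip(void) {
    int sp[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || pipe(p) < 0) return 0;
    if (send_fd(sp[0], p[0]) < 0) return 0;
    int got = recv_fd(sp[1]);
    if (got < 0) return 0;
    char buf[8] = {0};
    if (write(p[1], "notify", 6) != 6 || read(got, buf, 6) != 6) return 0;
    close(sp[0]); close(sp[1]); close(p[0]); close(p[1]); close(got);
    return strcmp(buf, "notify") == 0;
}
```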
Structs
- Pair: A Notification Pair.
Enums
- Error: Errors relating to Notify.
Traits
- Notifier: A trait for transmitting a SECCOMP Notify FD to a Monitor.