[RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits
Jarkko Sakkinen
jarkko at kernel.org
Fri Jul 5 22:22:06 UTC 2024
On Sat Jul 6, 2024 at 12:44 AM EEST, Kees Cook wrote:
> > As explained in the UAPI comments, all parent processes need to be
> > trusted. This means that their code is trusted, their seccomp filters
> > are trusted, and that they are patched, if needed, to check file
> > executability.
>
> But we have launchers that apply arbitrary seccomp policy, e.g. minijail
> on Chrome OS, or even systemd on regular distros. In theory, this should
> be handled via other ACLs.
Or a regular web browser? AFAIK seccomp filtering was the tool to make
secure browser tabs in the first place.
BR, Jarkko