This repository has been archived by the owner on Oct 2, 2024. It is now read-only.
seccomp root emulation: filter capset(2) with more nuance
#1891
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
At present, we simply fake success for
capset(2). However, likemknod(2), some uses ofcapset(2)are privileged and others are unprivileged. We could let through the unprivileged calls.Figuring out what is privileged and what isn’t is quite a bit more complicated, though, and it requires dereferencing struct pointers.
The text was updated successfully, but these errors were encountered: