Aug 24 – 28, 2020
US/Pacific timezone

seccomp feature development

Aug 26, 2020, 9:00 AM
Refereed Track/Virtual-Room (LPC Virtual)

Kernel Summit


Kees Cook (Google)


As outlined in the topics include:

  • fd passing
  • deep argument inspection
  • changing structure sizes
  • syscall bitmasks

Specifically, seccomp needs to grow the ability to inspect Extensible Argument syscalls, which requires that it inspect userspace memory without Time-of-Check/Time-of-Use races and without double-copying. Additionally, since the structures can grow and be nested, there needs to be a way to deal with flattening the arguments into a linear buffer that can be examined by seccomp's BPF dialect. All of this also needs to be handled by the USER_NOTIF implementation. Finally, fd passing needs to be finished, and there needs to be an exploration of syscall bitmasks to augment the existing filters to gain back some performance.
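To make concrete why "deep argument inspection" is needed, the following is an added example written for this page, not code from the LPC session or from the kernel. It builds a classic seccomp-bpf filter of the kind that exists today: the filter can compare the syscall number and the scalar argument words in `struct seccomp_data`, so it can deny `clone` when the `CLONE_NEWUSER` flag bit is set, but for `clone3`, whose flags live inside a userspace `struct clone_args` reached through a pointer, it can only refuse the call outright with `ENOSYS`. A small evaluator for the four BPF opcodes the filter uses (assumed here; it is not the kernel's BPF engine) lets the policy be exercised on constructed `seccomp_data` without installing it, and `main()` then installs the real filter with `prctl`. The target architecture is assumed to be x86_64, and `__NR_clone3` is given its generic value 435 if the headers lack it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_clone3
#define __NR_clone3 435 /* generic syscall table value; assumed fallback */
#endif

#define ARCH_NR AUDIT_ARCH_X86_64 /* assumption: filter is built for x86_64 */

/* Offset of the low 32 bits of argument n (little-endian layout assumed). */
#define ARG_LO(n) ((uint32_t)offsetof(struct seccomp_data, args[n]))

static struct sock_filter filter[] = {
    /* Load the architecture and kill the process on a mismatch. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* Load the syscall number. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    /* clone3: flags sit inside struct clone_args in userspace, behind a
       pointer the filter cannot follow, so the only safe answer is ENOSYS
       (callers such as glibc then fall back to the older clone syscall). */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
    /* clone: flags arrive as a scalar in args[0], so a flag bit can be
       inspected directly; deny new user namespaces with EPERM. */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_NEWUSER, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    /* Everything else is allowed. */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Toy evaluator (assumed, not the kernel's) for the opcode subset used above:
   absolute word loads, JEQ/JSET on an immediate, and RET of an immediate. */
static uint32_t run_filter(const struct seccomp_data *sd)
{
    const uint8_t *mem = (const uint8_t *)sd;
    uint32_t acc = 0;
    size_t n = sizeof(filter) / sizeof(filter[0]);

    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &filter[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, mem + in->k, sizeof(acc));
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: /* offsets are relative to the next insn */
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_JMP | BPF_JSET | BPF_K:
            pc += (acc & in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS; /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end: treat as a bad filter */
}

/* Decide on a constructed syscall: architecture, number and first argument. */
uint32_t decide(uint32_t arch, int nr, uint64_t arg0)
{
    struct seccomp_data sd;
    memset(&sd, 0, sizeof(sd));
    sd.nr = nr;
    sd.arch = arch;
    sd.args[0] = arg0;
    return run_filter(&sd);
}

/* Install the filter for real; returns 0 on success, -1 with errno set. */
int install_filter(void)
{
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    printf("getpid            -> 0x%08x\n", decide(ARCH_NR, __NR_getpid, 0));
    printf("clone3            -> 0x%08x\n", decide(ARCH_NR, __NR_clone3, 0));
    printf("clone(NEWUSER)    -> 0x%08x\n", decide(ARCH_NR, __NR_clone, CLONE_NEWUSER | SIGCHLD));
    printf("clone(no NEWUSER) -> 0x%08x\n", decide(ARCH_NR, __NR_clone, SIGCHLD));
    if (install_filter() != 0)
        perror("install_filter");
    else
        printf("filter installed; getpid() = %ld\n", (long)syscall(__NR_getpid));
    return 0;
}
```

The asymmetry between the `clone` and `clone3` branches is the whole problem statement: the flag check for `clone` costs one load and one `JSET`, while `clone3` carries the same policy-relevant bits in a struct the filter cannot read, so today a conservative filter must either trust the call blindly or reject it. Any future deep-inspection design has to copy that struct into the kernel once, so the filter and the eventual syscall see the same bytes, and present it to BPF as a flat buffer the way this filter indexes `seccomp_data`.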


Primary author

Kees Cook (Google)
