|
|
|
|
|
|
by archivator
1429 days ago
|
|
|
> Note that seccomp has limited visibility into recvmsg / sendmsg args because bpf can't dereference syscall arg pointers. BPF programs attached to syscalls (via kprobe or fentry) can read arguments via helpers (bpf_probe_read_{user,kernel}). Seccomp uses "classic BPF" which has no concept of helpers or calls. |
|
|