do_get_mempolicy, however, drops the lock midway while we can still access it later. Early premature up_read is a historical artifact from times when put_user was called in this path (see https://lwn.net/Articles/124754/), but that is gone since 8bccd85 ("[PATCH] Implement sys_* do_*...
    {
        LinuxSyscall: specs.LinuxSyscall{
            Names: []string{
                "get_mempolicy",
                "mbind",
                "set_mempolicy",
            },
            Action: specs.ActAllow,
        },
        Includes: &Filter{
            Caps: []string{"CAP_SYS_NICE"},
        },
    },

The containerd profile does not seem to contain the syscalls above. https://github.com/containe...
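A new data-leak vulnerability present in Intel, AMD and Arm CPU chips http://t.cn/E2A7Ig4 Security Tools: Creating and analyzing malicious PDF documents with PDF-Parser http://t.cn/E2A7Ike Security Incident: Fake cryptocurrency wallets on Google Play steal user credentials and pose as legitimate wallets ...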
Cherry pick #70900 to 24.10: make numactl respect EPERM error, when get_mempolicy is restricted by seccomp. Original pull-request #70900. This pull-request is a first step of an automated backporting. It contains changes similar to calling git cherry-pick locally. If you intend to conti...