[PATCH v7 1/3] Add an internal wrapper for clone, clone2 and clone3
H.J. Lu
hjl.tools@gmail.com
Mon May 31 12:23:53 GMT 2021
On Mon, May 31, 2021 at 5:16 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu:
>
> > From:
> >
> > https://bugs.chromium.org/p/chromium/issues/detail?id=1213452#c5
> >
> > They can modify the sandbox to return ENOSYS on clone3.
>
> Is this sufficient if we have detected before that the process supports
Did you mean we could skip the following clone3 calls by caching
the first ENOSYS clone3 result?
> CET and should enable it?
>
> I think browsers activate the sandbox *after* process initialization
> (unlike containers, where it happens before startup).
>
> Thanks,
> Florian
>
--
H.J.
More information about the Libc-alpha
mailing list