| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jul 2016 13:55:55 -0400 From: Kees Cook <keescook@...omium.org> To: Olof Johansson <olof@...om.net> Cc: Will Drewry <wad@...omium.org>, Andy Lutomirski <luto@...capital.net>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] samples/seccomp: Add standalone config option On Wed, Jul 6, 2016 at 2:53 AM, Olof Johansson <olof@...om.net> wrote: > Add a separate Kconfig option for SAMPLES_SECCOMP. > > Main reason for this is that, just like other samples, it's forced to be a module. > > Without this, since the sample is a target only controlled by > CONFIG_SECCOMP_FILTER, the samples will be built before include files are > put in place properly. For example, from an arm64 allmodconfig built with > "make -sk -j 32" (without specific target), the following happens: > > samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory > samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory > samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory > samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory Ah-ha! Yes, that's ugly. > So, just stick to the same format as other samples. Agreed, that makes sense to me. > > Signed-off-by: Olof Johansson <olof@...om.net> > --- > samples/Kconfig | 7 +++++++ > samples/seccomp/Makefile | 2 +- > 2 files changed, 8 insertions(+), 1 deletion(-) > > > Hi Kees, > > This has been showing up for a while on my builder, and I finally had > a bit of time to sit down and look at it. > > It'd be nice to see this in 4.7, but please consider for 4.8 at the least. > > > Thanks! > > -Olof > > diff --git a/samples/Kconfig b/samples/Kconfig > index 559a58b..ccc50be 100644 > --- a/samples/Kconfig > +++ b/samples/Kconfig > @@ -85,4 +85,11 @@ config SAMPLE_CONNECTOR > with it. > See also Documentation/connector/connector.txt > > +config SAMPLE_SECCOMP > + tristate "Build seccomp sample code -- loadable modules only" > + depends on SECCOMP_FILTER && m > + help > + Build samples of seccomp filters using various methods of > + BPF filter construction. > + > endif # SAMPLES > diff --git a/samples/seccomp/Makefile b/samples/seccomp/Makefile > index 1b4e4b8..ae7ff6f 100644 > --- a/samples/seccomp/Makefile > +++ b/samples/seccomp/Makefile > @@ -1,7 +1,7 @@ > # kbuild trick to avoid linker error. Can be omitted if a module is built. > obj- := dummy.o Can the above two lines be dropped now since it'll always be a module? > > -hostprogs-$(CONFIG_SECCOMP_FILTER) := bpf-fancy dropper bpf-direct > +hostprogs-$(CONFIG_SAMPLE_SECCOMP) := bpf-fancy dropper bpf-direct > > HOSTCFLAGS_bpf-fancy.o += -I$(objtree)/usr/include > HOSTCFLAGS_bpf-fancy.o += -idirafter $(objtree)/include > -- > 2.8.0.rc3.29.gb552ff8 > -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists