[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180531144949.24995-1-tycho@tycho.ws>
Date: Thu, 31 May 2018 08:49:45 -0600
From: Tycho Andersen <tycho@...ho.ws>
To: linux-kernel@...r.kernel.org, containers@...ts.linux-foundation.org
Cc: Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...capital.net>,
Oleg Nesterov <oleg@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
"Serge E . Hallyn" <serge@...lyn.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Tyler Hicks <tyhicks@...onical.com>,
Akihiro Suda <suda.akihiro@....ntt.co.jp>,
"Tobin C . Harding" <me@...in.cc>, Tycho Andersen <tycho@...ho.ws>
Subject: [PATCH v3 0/4] seccomp trap to userspace
Hi all,
Here's a v3 of the seccomp trap to userspace, with all the nits from v2
fixed. Open questions from v2 are still:
1. is it ok not to use netlink?
2. what should the fd passing API look like? (see patch notes on this
one for details of why the current one might (?) be a problem)
As an added bonus, I've also written some stress testing, with lots of
tasks and listeners (1000 of each) sharing the same notification thread,
and not found any issues so far. Code is here:
https://github.com/tych0/kernel-utils/blob/master/seccomp/notify_stress.c
although I haven't included it in the patchset.
v2: https://lkml.org/lkml/2018/5/17/627
Tycho Andersen (4):
seccomp: add a return code to trap to userspace
seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
seccomp: add a way to get a listener fd from ptrace
seccomp: add support for passing fds via USER_NOTIF
arch/Kconfig | 7 +
include/linux/seccomp.h | 14 +-
include/uapi/linux/ptrace.h | 2 +
include/uapi/linux/seccomp.h | 20 +-
kernel/ptrace.c | 4 +
kernel/seccomp.c | 477 +++++++++++++++++-
tools/testing/selftests/seccomp/seccomp_bpf.c | 373 +++++++++++++-
7 files changed, 889 insertions(+), 8 deletions(-)
--
2.17.0
Powered by blists - more mailing lists