| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Aug 2018 21:07:59 +0200
From: Christian Brauner <christian@...uner.io>
To: Tycho Andersen <tycho@...ho.ws>
Cc: Kees Cook <keescook@...omium.org>, linux-api@...r.kernel.org,
containers@...ts.linux-foundation.org,
Akihiro Suda <suda.akihiro@....ntt.co.jp>,
Oleg Nesterov <oleg@...hat.com>, linux-kernel@...r.kernel.org,
"Eric W . Biederman" <ebiederm@...ssion.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Andy Lutomirski <luto@...capital.net>,
Serge Hallyn <serge@...lyn.com>, Jann Horn <jannh@...gle.com>
Subject: Re: [PATCH v5 2/5] seccomp: make get_nth_filter available outside of
CHECKPOINT_RESTORE
On Tue, Aug 28, 2018 at 08:36:00AM -0600, Tycho Andersen wrote:
> In the next commit we'll use this same mnemonic to get a listener for the
> nth filter, so we need it available outside of CHECKPOINT_RESTORE in the
> USER_NOTIFICATION case as well.
>
> v2: new in v2
> v3: no changes
> v4: no changes
> v5: switch to CHECKPOINT_RESTORE || USER_NOTIFICATION to avoid warning when
> only CONFIG_SECCOMP_FILTER is enabled.
>
> Signed-off-by: Tycho Andersen <tycho@...ho.ws>
> CC: Kees Cook <keescook@...omium.org>
> CC: Andy Lutomirski <luto@...capital.net>
> CC: Oleg Nesterov <oleg@...hat.com>
> CC: Eric W. Biederman <ebiederm@...ssion.com>
> CC: "Serge E. Hallyn" <serge@...lyn.com>
> CC: Christian Brauner <christian.brauner@...ntu.com>
> CC: Tyler Hicks <tyhicks@...onical.com>
> CC: Akihiro Suda <suda.akihiro@....ntt.co.jp>
> ---
> kernel/seccomp.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
(Putting Serge and Jann in Cc. They seem to have been left out on
accident. :))
Acked-by: Christian Brauner <christian@...uner.io>
>
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index a09eb5c05f68..ed786655186d 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -1188,7 +1188,8 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
> return do_seccomp(op, 0, uargs);
> }
>
> -#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE)
> +#if defined(CONFIG_CHECKPOINT_RESTORE) || \
> + defined(CONFIG_SECCOMP_USER_NOTIFICATION)
> static struct seccomp_filter *get_nth_filter(struct task_struct *task,
> unsigned long filter_off)
> {
> @@ -1235,6 +1236,7 @@ static struct seccomp_filter *get_nth_filter(struct task_struct *task,
> return filter;
> }
>
> +#if defined(CONFIG_CHECKPOINT_RESTORE)
> long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
> void __user *data)
> {
> @@ -1307,7 +1309,8 @@ long seccomp_get_metadata(struct task_struct *task,
> __put_seccomp_filter(filter);
> return ret;
> }
> -#endif
> +#endif /* CONFIG_CHECKPOINT_RESTORE */
> +#endif /* CONFIG_SECCOMP_FILTER */
>
> #ifdef CONFIG_SYSCTL
>
> --
> 2.17.1
>
> _______________________________________________
> Containers mailing list
> Containers@...ts.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers
Powered by blists - more mailing lists