lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Aug 2018 21:07:59 +0200 From: Christian Brauner <christian@...uner.io> To: Tycho Andersen <tycho@...ho.ws> Cc: Kees Cook <keescook@...omium.org>, linux-api@...r.kernel.org, containers@...ts.linux-foundation.org, Akihiro Suda <suda.akihiro@....ntt.co.jp>, Oleg Nesterov <oleg@...hat.com>, linux-kernel@...r.kernel.org, "Eric W . Biederman" <ebiederm@...ssion.com>, Christian Brauner <christian.brauner@...ntu.com>, Andy Lutomirski <luto@...capital.net>, Serge Hallyn <serge@...lyn.com>, Jann Horn <jannh@...gle.com> Subject: Re: [PATCH v5 2/5] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE On Tue, Aug 28, 2018 at 08:36:00AM -0600, Tycho Andersen wrote: > In the next commit we'll use this same mnemonic to get a listener for the > nth filter, so we need it available outside of CHECKPOINT_RESTORE in the > USER_NOTIFICATION case as well. > > v2: new in v2 > v3: no changes > v4: no changes > v5: switch to CHECKPOINT_RESTORE || USER_NOTIFICATION to avoid warning when > only CONFIG_SECCOMP_FILTER is enabled. > > Signed-off-by: Tycho Andersen <tycho@...ho.ws> > CC: Kees Cook <keescook@...omium.org> > CC: Andy Lutomirski <luto@...capital.net> > CC: Oleg Nesterov <oleg@...hat.com> > CC: Eric W. Biederman <ebiederm@...ssion.com> > CC: "Serge E. Hallyn" <serge@...lyn.com> > CC: Christian Brauner <christian.brauner@...ntu.com> > CC: Tyler Hicks <tyhicks@...onical.com> > CC: Akihiro Suda <suda.akihiro@....ntt.co.jp> > --- > kernel/seccomp.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) (Putting Serge and Jann in Cc. They seem to have been left out on accident. :)) Acked-by: Christian Brauner <christian@...uner.io> > > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index a09eb5c05f68..ed786655186d 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c > @@ -1188,7 +1188,8 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) > return do_seccomp(op, 0, uargs); > } > > -#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_CHECKPOINT_RESTORE) > +#if defined(CONFIG_CHECKPOINT_RESTORE) || \ > + defined(CONFIG_SECCOMP_USER_NOTIFICATION) > static struct seccomp_filter *get_nth_filter(struct task_struct *task, > unsigned long filter_off) > { > @@ -1235,6 +1236,7 @@ static struct seccomp_filter *get_nth_filter(struct task_struct *task, > return filter; > } > > +#if defined(CONFIG_CHECKPOINT_RESTORE) > long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, > void __user *data) > { > @@ -1307,7 +1309,8 @@ long seccomp_get_metadata(struct task_struct *task, > __put_seccomp_filter(filter); > return ret; > } > -#endif > +#endif /* CONFIG_CHECKPOINT_RESTORE */ > +#endif /* CONFIG_SECCOMP_FILTER */ > > #ifdef CONFIG_SYSCTL > > -- > 2.17.1 > > _______________________________________________ > Containers mailing list > Containers@...ts.linux-foundation.org > https://lists.linuxfoundation.org/mailman/listinfo/containers
Powered by blists - more mailing lists