FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 03-21-2012, 06:18 PM
Kees Cook
 
Default SECCOMP mode 2, BPF

The following changes since commit b0c18ca93ec9fec352594a5a1ab16c3aec131f96:
Leann Ogasawara (1):
UBUNTU: Ubuntu-3.2.0-19.31

are available in the git repository at:

git://github.com/kees/linux.git ubuntu-precise

Andy Lutomirski (1):
UBUNTU: SAUCE: SECCOMP: Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs

Eric Paris (1):
seccomp: audit abnormal end to a process due to seccomp

John Johansen (1):
UBUNTU: SAUCE: SECCOMP: Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS

Kees Cook (2):
UBUNTU: SAUCE: SECCOMP: seccomp: remove duplicated failure logging
UBUNTU: [Config] SECCOMP_FILTER=y

Will Drewry (12):
UBUNTU: SAUCE: SECCOMP: sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
UBUNTU: SAUCE: SECCOMP: net/compat.c,linux/filter.h: share compat_sock_fprog
UBUNTU: SAUCE: SECCOMP: seccomp: kill the seccomp_t typedef
UBUNTU: SAUCE: SECCOMP: arch/x86: add syscall_get_arch to syscall.h
UBUNTU: SAUCE: SECCOMP: asm/syscall.h: add syscall_get_arch
UBUNTU: SAUCE: SECCOMP: seccomp: add system call filtering using BPF
UBUNTU: SAUCE: SECCOMP: seccomp: add SECCOMP_RET_ERRNO
UBUNTU: SAUCE: SECCOMP: signal, x86: add SIGSYS info and make it synchronous.
UBUNTU: SAUCE: SECCOMP: seccomp: Add SECCOMP_RET_TRAP
UBUNTU: SAUCE: SECCOMP: ptrace,seccomp: Add PTRACE_SECCOMP support
UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER
UBUNTU: SAUCE: SECCOMP: Documentation: prctl/seccomp_filter

Documentation/prctl/seccomp_filter.txt | 156 +++++++++
arch/Kconfig | 24 ++
arch/x86/Kconfig | 1 +
arch/x86/ia32/ia32_signal.c | 4 +
arch/x86/include/asm/ia32.h | 6 +
arch/x86/include/asm/syscall.h | 23 ++
arch/x86/kernel/ptrace.c | 7 +-
debian.master/config/amd64/config.common.amd64 | 1 +
debian.master/config/enforce | 2 +-
debian.master/config/i386/config.common.i386 | 1 +
fs/exec.c | 10 +-
include/asm-generic/siginfo.h | 22 ++
include/asm-generic/syscall.h | 14 +
include/linux/Kbuild | 1 +
include/linux/audit.h | 8 +
include/linux/filter.h | 12 +
include/linux/prctl.h | 15 +
include/linux/ptrace.h | 7 +-
include/linux/sched.h | 4 +-
include/linux/seccomp.h | 105 +++++-
include/linux/security.h | 1 +
kernel/auditsc.c | 58 ++--
kernel/fork.c | 3 +
kernel/ptrace.c | 3 +
kernel/seccomp.c | 446 +++++++++++++++++++++++-
kernel/signal.c | 9 +-
kernel/sys.c | 12 +-
net/compat.c | 8 -
net/core/filter.c | 6 +
samples/Makefile | 2 +-
samples/seccomp/Makefile | 38 ++
samples/seccomp/bpf-direct.c | 176 ++++++++++
samples/seccomp/bpf-fancy.c | 102 ++++++
samples/seccomp/bpf-helper.c | 89 +++++
samples/seccomp/bpf-helper.h | 238 +++++++++++++
samples/seccomp/dropper.c | 68 ++++
security/apparmor/domain.c | 35 ++
security/commoncap.c | 7 +-
security/selinux/hooks.c | 10 +-
39 files changed, 1660 insertions(+), 74 deletions(-)
create mode 100644 Documentation/prctl/seccomp_filter.txt
create mode 100644 samples/seccomp/Makefile
create mode 100644 samples/seccomp/bpf-direct.c
create mode 100644 samples/seccomp/bpf-fancy.c
create mode 100644 samples/seccomp/bpf-helper.c
create mode 100644 samples/seccomp/bpf-helper.h
create mode 100644 samples/seccomp/dropper.c

--
Kees Cook

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 11:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org