APPLIED: [Oneiric][pull request] SECCOMP_FILTER patchset
Tim Gardner
tim.gardner at canonical.com
Tue Aug 23 19:59:18 UTC 2011
On 08/23/2011 08:58 AM, Kees Cook wrote:
> The following changes since commit 0f7b85456c26da7c277732d0a3549509f50b1de0:
>
>   UBUNTU: Ubuntu-3.0.0-9.12 (2011-08-19 21:52:38 -0700)
>
> are available in the git repository at:
>   git://kernel.ubuntu.com/kees/ubuntu-oneiric.git master
>
> Kees Cook (1):
>       UBUNTU: [Config] enable and enforce SECCOMP_FILTER on x86
>
> Will Drewry (4):
>       UBUNTU: SAUCE: seccomp_filter: new mode with configurable syscall filters
>       UBUNTU: SAUCE: seccomp_filter: add process state reporting
>       UBUNTU: SAUCE: seccomp_filter: Document what seccomp_filter is and how it works.
>       UBUNTU: SAUCE: seccomp_filter: add HAVE_SECCOMP_FILTER and seccomp_execve
>
>  Documentation/prctl/seccomp_filter.txt         |  189 +++++
>  arch/x86/Kconfig                               |    1 +
>  arch/x86/include/asm/ia32_unistd.h             |    1 +
>  arch/x86/include/asm/seccomp_64.h              |    2 +
>  debian.master/config/amd64/config.common.amd64 |    1 +
>  debian.master/config/enforce                   |    1 +
>  debian.master/config/i386/config.common.i386   |    1 +
>  fs/proc/base.c                                 |   31 +
>  include/linux/init_task.h                      |   12 +
>  include/linux/prctl.h                          |    7 +
>  include/linux/sched.h                          |    2 +-
>  include/linux/seccomp.h                        |  119 +++-
>  kernel/Makefile                                |    1 +
>  kernel/fork.c                                  |    4 +
>  kernel/seccomp.c                               |   38 +-
>  kernel/seccomp_filter.c                        | 1057 ++++++++++++++++++++++++
>  kernel/sys.c                                   |   12 +
>  security/Kconfig                               |   17 +
>  18 files changed, 1483 insertions(+), 13 deletions(-)
>  create mode 100644 Documentation/prctl/seccomp_filter.txt
>  create mode 100644 kernel/seccomp_filter.c
>
> This is take-2 on the pull request for the SECCOMP_FILTER feature. I've
> build and runtime tested this now, and it looks to be in good shape. It's
> enabled only for x86.
>
> Thanks!
>
> -Kees
>
--
Tim Gardner tim.gardner at canonical.com