APPLIED: [PATCH 0/8][Artful] Improved seccomp logging
seth.forshee at canonical.com
Mon Aug 28 13:06:52 UTC 2017
On Fri, Aug 25, 2017 at 11:08:23PM +0000, Tyler Hicks wrote:
> This is a backport of a patch set that improves seccomp logging controls for
> applications and for administrators. Snappy needs these patches in order to
> provide proper logging of syscalls that are not allowed while running in
> developer mode. Snappy also needs these patches in order to move away from the
> default action of killing snaps when they bump into the sandbox walls and,
> instead, return an errno that is properly logged.
> The patches have been acked by seccomp maintainer Kees Cook and they've been
> pulled into James Morris' security tree where they've been incorporated into
> For the Artful 4.13 kernel, simply follow this sequence to apply the patches
> from linux-next:
> revert: cad05e0c59836c61f1a7a8d78cea65e231eaf952
> cherry-pick: deb4de8b31bc5bf21efb6ac31150a01a631cd647
> cherry-pick: 8e5f1ad116df6b0de65eac458d5e7c318d1c05af
> cherry-pick: d612b1fd8010d0d67b5287fe146b8b55bcbb8655
> cherry-pick: 0ddec0fc8900201c0897b87b762b7c420436662f
> cherry-pick: 2b7ea5b5b5799f2878ed454bb48032bed6d101d3
> cherry-pick: e66a39977985b1e69e17c4042cb290768eca9b02
> cherry-pick: 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4 (LP: #1567597)
> For the Artful 4.12 kernel, please apply the patches that will follow up this
> intro email. A few of the patches required a minor backporting.
> I've successfully run the seccomp kernel selftests (including the ones added by
> this patch set) using the patched 4.12 and 4.13 Artful kernels. I've also
> manually tested the backports to both kernels using a test program that
> exercises the new log filter flag and log action.
Patches applied to artful/master-next, and the sequence for 4.13 is
applied to unstable/master. Thanks!