ACK/cmnt: [SRU][XENIAL][PATCH 0/7]
Stefan Bader
stefan.bader at canonical.com
Fri Oct 6 08:28:54 UTC 2017
On 06.10.2017 06:43, Tyler Hicks wrote:
> This is a backport of a patch set that improves seccomp logging controls for
> applications and for adminstrators. Snappy needs these patches in order to
> provide proper logging of syscalls that are not allowed while running in
> developer mode (LP: #1567597). Snappy also needs these patches in order to move
> away from the default action of killing snaps when they bump into the sandbox
> walls and, instead, return an errno that is properly logged (LP: #1721676).
>
> The patches have been acked by seccomp maintainer Kees Cook and they've been
> merged into 4.14:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0a3a64e723324ae6dda53214061a71de63808c3
>
> See the test case descriptions in the bugs mentioned above for a list of
> successful tests that I've performed (they all pass).
>
> Thanks!
The patches have no BugLink as far as I see. Would have been nice to add them. I
assume it is the two bugs mentioned above (which also seem to have SRU
justification). We can add those when applying but it is one more thing one can
forget.
The delta is substantial and I would not trust myself to evaluate its
correctness. I have to trust you and Kees, upstream review, the statement of not
changing the default behaviour and testing. Based on that:
Acked-by: Stefan Bader <stefan.bader at canonical.com>
>
> Tyler
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20171006/a3591699/attachment.sig>
More information about the kernel-team
mailing list