| Submitter | Kees Cook |
|---|---|
| Date | Aug. 23, 2011, 2:58 p.m. |
| Message ID | <20110823145814.GE1834@outflux.net> |
| Download | mbox |
| Permalink | /patch/111124/ |
| State | New |
| Headers | show |
Pull-request
git://kernel.ubuntu.com/kees/ubuntu-oneiric.git masterComments
On 08/23/2011 08:58 AM, Kees Cook wrote: > The following changes since commit 0f7b85456c26da7c277732d0a3549509f50b1de0: > > UBUNTU: Ubuntu-3.0.0-9.12 (2011-08-19 21:52:38 -0700) > > are available in the git repository at: > git://kernel.ubuntu.com/kees/ubuntu-oneiric.git master > > Kees Cook (1): > UBUNTU: [Config] enable and enforce SECCOMP_FILTER on x86 > > Will Drewry (4): > UBUNTU: SAUCE: seccomp_filter: new mode with configurable syscall filters > UBUNTU: SAUCE: seccomp_filter: add process state reporting > UBUNTU: SAUCE: seccomp_filter: Document what seccomp_filter is and how it works. > UBUNTU: SAUCE: seccomp_filter: add HAVE_SECCOMP_FILTER and seccomp_execve > > Documentation/prctl/seccomp_filter.txt | 189 +++++ > arch/x86/Kconfig | 1 + > arch/x86/include/asm/ia32_unistd.h | 1 + > arch/x86/include/asm/seccomp_64.h | 2 + > debian.master/config/amd64/config.common.amd64 | 1 + > debian.master/config/enforce | 1 + > debian.master/config/i386/config.common.i386 | 1 + > fs/proc/base.c | 31 + > include/linux/init_task.h | 12 + > include/linux/prctl.h | 7 + > include/linux/sched.h | 2 +- > include/linux/seccomp.h | 119 +++- > kernel/Makefile | 1 + > kernel/fork.c | 4 + > kernel/seccomp.c | 38 +- > kernel/seccomp_filter.c | 1057 ++++++++++++++++++++++++ > kernel/sys.c | 12 + > security/Kconfig | 17 + > 18 files changed, 1483 insertions(+), 13 deletions(-) > create mode 100644 Documentation/prctl/seccomp_filter.txt > create mode 100644 kernel/seccomp_filter.c > > This is take-2 on the pull request for the SECCOMP_FILTER feature. I've > build and runtime tested this now, and it looks to be in good shape. It's > enabled only for x86. > > Thanks! > > -Kees >
The following changes since commit 0f7b85456c26da7c277732d0a3549509f50b1de0: UBUNTU: Ubuntu-3.0.0-9.12 (2011-08-19 21:52:38 -0700) are available in the git repository at: git://kernel.ubuntu.com/kees/ubuntu-oneiric.git master Kees Cook (1): UBUNTU: [Config] enable and enforce SECCOMP_FILTER on x86 Will Drewry (4): UBUNTU: SAUCE: seccomp_filter: new mode with configurable syscall filters UBUNTU: SAUCE: seccomp_filter: add process state reporting UBUNTU: SAUCE: seccomp_filter: Document what seccomp_filter is and how it works. UBUNTU: SAUCE: seccomp_filter: add HAVE_SECCOMP_FILTER and seccomp_execve Documentation/prctl/seccomp_filter.txt | 189 +++++ arch/x86/Kconfig | 1 + arch/x86/include/asm/ia32_unistd.h | 1 + arch/x86/include/asm/seccomp_64.h | 2 + debian.master/config/amd64/config.common.amd64 | 1 + debian.master/config/enforce | 1 + debian.master/config/i386/config.common.i386 | 1 + fs/proc/base.c | 31 + include/linux/init_task.h | 12 + include/linux/prctl.h | 7 + include/linux/sched.h | 2 +- include/linux/seccomp.h | 119 +++- kernel/Makefile | 1 + kernel/fork.c | 4 + kernel/seccomp.c | 38 +- kernel/seccomp_filter.c | 1057 ++++++++++++++++++++++++ kernel/sys.c | 12 + security/Kconfig | 17 + 18 files changed, 1483 insertions(+), 13 deletions(-) create mode 100644 Documentation/prctl/seccomp_filter.txt create mode 100644 kernel/seccomp_filter.c This is take-2 on the pull request for the SECCOMP_FILTER feature. I've build and runtime tested this now, and it looks to be in good shape. It's enabled only for x86. Thanks! -Kees