Patchwork [SRU,Precise,PULL,REQUEST] seccomp: forcing auditing of kill condition

Submitter Kees Cook
Date Nov. 16, 2012, 12:59 a.m.
Permalink /patch/199460/
State New

Pull-request seccomp-audit


Kees Cook - Nov. 16, 2012, 12:59 a.m.
The following changes since commit ba6c2f688e255a1f52f2930ae9e6d62ede804289:

  UBUNTU: Ubuntu-3.2.0-34.53 (2012-11-14 15:50:53 +0000)

are available in the git repository at: seccomp-audit

for you to fetch changes up to 7c5cb579b51e93442f442d09cd6d6d7248dbece9:

  seccomp: forcing auditing of kill condition (2012-11-15 16:33:59 -0800)

Kees Cook (2):
      Revert "UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations"
      seccomp: forcing auditing of kill condition

 include/linux/audit.h |    3 ++-
 kernel/seccomp.c      |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

This fixes bug

Instead of auditing all seccomp actions, only force the reporting of
those that kill a process. All others should be checked for an existing
audit context on the process. (This improves the adjustment that
commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

(Note that a patch doing this for upstream will be more involved, changing
the audit messages based on seccomp action, etc, but this is sufficient for
eliminating the needless noise/logs in precise.)
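
Added example, not part of the original message or of the kernel patch: a log triage script that separates seccomp audit records for killed processes from records for other seccomp actions, which is the distinction this pull request draws. The sample records are constructed, and the field layout (sig=, syscall=, code=, with a nonzero sig meaning a signal was delivered) is an assumption about the record format.

```python
import re
from collections import Counter

# Constructed sample records (not from the page). Field layout is an assumption:
# sig= is the delivered signal (0 when none), syscall= the syscall number,
# code= the seccomp filter return value in hex.
SAMPLE_LOG = """\
type=SECCOMP msg=audit(1353027539.101:41): auid=1000 uid=1000 gid=1000 ses=2 pid=2301 comm="sandboxed" reason="seccomp" sig=31 syscall=59 compat=0 ip=0x7f3a1c0e2a17 code=0x0
type=SECCOMP msg=audit(1353027540.250:42): auid=1000 uid=1000 gid=1000 ses=2 pid=2302 comm="renderer" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f9b22c41d10 code=0x50001
type=SYSCALL msg=audit(1353027540.300:43): arch=c000003e syscall=2 success=yes exit=3 pid=2302 comm="renderer"
kernel: [ 812.4] type=1326 audit(1353027541.007:44): auid=1000 uid=1000 gid=1000 ses=2 pid=2303 comm="sandboxed" reason="seccomp" sig=31 syscall=41 compat=0 ip=0x7f3a1c0f0b27 code=0x0
type=SECCOMP msg=audit(1353027542.900:45): auid=1000 uid=1000 gid=1000 ses=2 pid=2304 comm="renderer" sig=0 syscall=
"""

RECORD_RE = re.compile(r'type=(?:SECCOMP|1326)\b')  # 1326 is AUDIT_SECCOMP
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_seccomp(line):
    """Return a dict for a seccomp audit record, or None for other or truncated lines."""
    if not RECORD_RE.search(line):
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    try:
        return {"pid": int(fields["pid"]), "comm": fields["comm"],
                "sig": int(fields["sig"]), "syscall": int(fields["syscall"]),
                "code": int(fields["code"], 16)}
    except (KeyError, ValueError):
        return None  # truncated or malformed record: skip rather than guess

def triage(log_text):
    """Split seccomp records into kills (sig != 0) and non-kill actions."""
    kills, other = [], []
    for line in log_text.splitlines():
        rec = parse_seccomp(line)
        if rec is not None:
            (kills if rec["sig"] else other).append(rec)
    return kills, other

def kill_summary(kills):
    """Count kills per (comm, syscall) so repeated violations stand out."""
    return Counter((r["comm"], r["syscall"]) for r in kills)

if __name__ == "__main__":
    kills, other = triage(SAMPLE_LOG)
    for (comm, nr), n in kill_summary(kills).most_common():
        print(f"KILL comm={comm} syscall={nr} count={n}")
    print(f"{len(other)} non-kill seccomp record(s)")
```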


Tim Gardner - Nov. 16, 2012, 12:46 p.m.

Herton Ronaldo Krzesinski - Nov. 19, 2012, 6:06 p.m.

Tim Gardner - Nov. 19, 2012, 6:32 p.m.