[SRU,Precise,PULL,REQUEST] seccomp: forcing auditing of kill condition

Message ID 20121116005949.GL32257@outflux.net
State New
Headers show


https://github.com/kees/linux.git seccomp-audit


Kees Cook Nov. 16, 2012, 12:59 a.m.
The following changes since commit ba6c2f688e255a1f52f2930ae9e6d62ede804289:

  UBUNTU: Ubuntu-3.2.0-34.53 (2012-11-14 15:50:53 +0000)

are available in the git repository at:

  https://github.com/kees/linux.git seccomp-audit

for you to fetch changes up to 7c5cb579b51e93442f442d09cd6d6d7248dbece9:

  seccomp: forcing auditing of kill condition (2012-11-15 16:33:59 -0800)

Kees Cook (2):
      Revert "UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations"
      seccomp: forcing auditing of kill condition

 include/linux/audit.h |    3 ++-
 kernel/seccomp.c      |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

This fixes bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1079469

Instead of auditing all seccomp actions, only force the reporting of
those that kill a process. All others should be checked for an existing
audit context on the process. (This improves the adjustment that
commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

(Note that a patch doing this for upstream will be more involved, changing
the audit messages based on seccomp action, etc, but this is sufficient for
eliminating the needless noise/logs in precise.)




Tim Gardner Nov. 16, 2012, 12:46 p.m. | #1

Herton Ronaldo Krzesinski Nov. 19, 2012, 6:06 p.m. | #2

Tim Gardner Nov. 19, 2012, 6:32 p.m. | #3