From patchwork Fri Nov 16 00:59:49 2012
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 199460
Date: Thu, 15 Nov 2012 16:59:49 -0800
From: Kees Cook
To: kernel-team@lists.ubuntu.com
Cc: Julien Tinnes
Subject: [SRU][Precise][PULL REQUEST] seccomp: forcing auditing of kill condition
Message-ID: <20121116005949.GL32257@outflux.net>
Organization: Ubuntu

The following changes since commit ba6c2f688e255a1f52f2930ae9e6d62ede804289:

  UBUNTU: Ubuntu-3.2.0-34.53 (2012-11-14 15:50:53 +0000)

are available in the git repository at:

  https://github.com/kees/linux.git seccomp-audit

for you to fetch changes up to 7c5cb579b51e93442f442d09cd6d6d7248dbece9:

  seccomp: forcing auditing of kill condition (2012-11-15 16:33:59 -0800)

----------------------------------------------------------------
Kees Cook (2):
      Revert "UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations"
      seccomp: forcing auditing of kill condition

 include/linux/audit.h | 3 ++-
 kernel/seccomp.c      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

This fixes bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1079469

Instead of auditing all seccomp actions, only force the reporting of those
that kill a process. All others should be checked for an existing audit
context on the process. (This improves the adjustment that commit
426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

(Note that a patch doing this for upstream will be more involved, changing
the audit messages based on seccomp action, etc, but this is sufficient for
eliminating the needless noise/logs in precise.)

Thanks,

-Kees