From patchwork Fri Nov 16 00:59:49 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [SRU, Precise, PULL, REQUEST] seccomp: forcing auditing of kill condition
Date: Thu, 15 Nov 2012 14:59:49 -0000
From: Kees Cook
X-Patchwork-Id: 199460
Message-Id: <20121116005949.GL32257@outflux.net>
To: kernel-team@lists.ubuntu.com
Cc: Julien Tinnes

The following changes since commit ba6c2f688e255a1f52f2930ae9e6d62ede804289:

  UBUNTU: Ubuntu-3.2.0-34.53 (2012-11-14 15:50:53 +0000)

are available in the git repository at:

  https://github.com/kees/linux.git seccomp-audit

for you to fetch changes up to 7c5cb579b51e93442f442d09cd6d6d7248dbece9:

  seccomp: forcing auditing of kill condition (2012-11-15 16:33:59 -0800)

----------------------------------------------------------------
Kees Cook (2):
      Revert "UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations"
      seccomp: forcing auditing of kill condition

 include/linux/audit.h | 3 ++-
 kernel/seccomp.c      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

This fixes bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1079469

Instead of auditing all seccomp actions, only force the reporting of those
that kill a process. All others should be checked for an existing audit
context on the process.

(This improves the adjustment that commit
426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

(Note that a patch doing this for upstream will be more involved, changing
the audit messages based on seccomp action, etc, but this is sufficient for
eliminating the needless noise/logs in precise.)

Thanks,

-Kees