3.2-rc1 rebase review

Message ID 4EBACFCE.90408@canonical.com
State New

Pull-request

git://kernel.ubuntu.com/rtg/ubuntu-precise.git seccomp_filter

Message

Tim Gardner Nov. 9, 2011, 7:09 p.m. UTC
On 11/08/2011 02:35 PM, Kees Cook wrote:
> On Tue, Nov 8, 2011 at 1:08 PM, Tim Gardner <tim.gardner@canonical.com> wrote:
>> Kees and Andy - Please check that I resolved these patch conflicts
>> correctly:
>>
>> UBUNTU: ubuntu: Yama - unconditionally chain to Yama LSM
>
> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-precise.git;a=commitdiff;h=336823e68877aeaea2b3ec680671612e10770616
>
> Looks correct to me. And any runs of the qrt test-kernel-hardening.py
> regression test will catch it if it's not operating correctly.
>
>> I dropped this seccomp_filter patch set for now. Kees has promised a pull
>> request.
>>
>> http://bugs.launchpad.net/bugs/887780
>
> I've got this pending in rebased-to-upstream branch here:
> https://github.com/kees/linux/commits/seccomp_filter
>
> and I updated the bug to point to that too. I can get this rebased to
> precise in a few days if no one else beats me to it first.
>
> Thanks for the heads-up!
>
> -Kees
>

Kees - here are the minimum fixes that get your bits compiling against 
v3.2-rc1. I've not incorporated any of Tetsuo's suggestions. I'll leave 
that up to you and Will.

rtg

The following changes since commit 1ea6b8f48918282bdca0b32a34095504ee65bab5:
   Linus Torvalds (1):
         Linux 3.2-rc1

are available in the git repository at:

   git://kernel.ubuntu.com/rtg/ubuntu-precise.git seccomp_filter

Tim Gardner (2):
       CHROMIUM: Fix seccomp_t compile error
       CHROMIUM: Fix kref usage

Will Drewry (5):
       CHROMIUM: seccomp_filter: new mode with configurable syscall filters
       CHROMIUM: seccomp_filter: add process state reporting
       CHROMIUM: seccomp_filter: Document what seccomp_filter is and how it works.
       CHROMIUM: x86: add HAVE_SECCOMP_FILTER and seccomp_execve
       CHROMIUM: arm: select HAVE_SECCOMP_FILTER

  Documentation/prctl/seccomp_filter.txt |  189 ++++++
  arch/arm/Kconfig                       |    1 +
  arch/x86/Kconfig                       |    1 +
  arch/x86/include/asm/ia32_unistd.h     |    1 +
  arch/x86/include/asm/seccomp_64.h      |    2 +
  fs/proc/base.c                         |   31 +
  include/linux/init_task.h              |   12 +
  include/linux/prctl.h                  |    7 +
  include/linux/sched.h                  |    2 +-
  include/linux/seccomp.h                |  123 ++++-
  kernel/Makefile                        |    1 +
  kernel/fork.c                          |    4 +
  kernel/seccomp.c                       |   38 +-
  kernel/seccomp_filter.c                | 1058 ++++++++++++++++++++++++++++++++
  kernel/sys.c                           |   12 +
  security/Kconfig                       |   17 +
  16 files changed, 1484 insertions(+), 15 deletions(-)
  create mode 100644 Documentation/prctl/seccomp_filter.txt
  create mode 100644 kernel/seccomp_filter.c