From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@amacapital.net>,
Oleg Nesterov <oleg@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Peter Zijlstra <peterz@infradead.org>,
James Morris <james.l.morris@oracle.com>,
Eric Paris <eparis@redhat.com>, Juri Lelli <juri.lelli@gmail.com>,
John Stultz <john.stultz@linaro.org>,
"David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <dborkman@redhat.com>,
Alex Thorlton <athorlton@sgi.com>, Rik van Riel <riel@redhat.com>,
Daeseok Youn <daeseok.youn@gmail.com>,
David Rientjes <rientjes@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Dario Faggioli <raistlin@linux.it>,
Rashika Kheria <rashika.kheria@gmail.com>,
liguang <lig.fnst@cn.fujitsu.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v5 1/6] seccomp: create internal mode-setting function
Date: Thu, 22 May 2014 16:05:31 -0700 [thread overview]
Message-ID: <1400799936-26499-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1400799936-26499-1-git-send-email-keescook@chromium.org>
In preparation for having other callers of the seccomp mode setting
logic, split the prctl entry point away from the core logic that performs
seccomp mode setting.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
kernel/seccomp.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index b35c21503a36..8bbe20111222 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -465,7 +465,7 @@ long prctl_get_seccomp(void)
}
/**
- * prctl_set_seccomp: configures current->seccomp.mode
+ * seccomp_set_mode: internal function for setting seccomp mode
* @seccomp_mode: requested mode to use
* @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
*
@@ -478,7 +478,7 @@ long prctl_get_seccomp(void)
*
* Returns 0 on success or -EINVAL on failure.
*/
-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
{
long ret = -EINVAL;
@@ -509,3 +509,18 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
out:
return ret;
}
+
+/**
+ * prctl_set_seccomp: configures current->seccomp.mode
+ * @seccomp_mode: requested mode to use
+ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
+ *
+ * Returns 0 on success or -EINVAL on failure.
+ */
+long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+{
+ long ret;
+
+ ret = seccomp_set_mode(seccomp_mode, filter);
+ return ret;
+}
--
1.7.9.5
next prev parent reply other threads:[~2014-05-22 23:06 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-22 23:05 [PATCH v5 0/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC Kees Cook
2014-05-22 23:05 ` Kees Cook [this message]
2014-05-22 23:05 ` [PATCH v5 2/6] seccomp: split filter prep from check and apply Kees Cook
2014-05-22 23:05 ` [PATCH v5 3/6] seccomp: introduce writer locking Kees Cook
2014-05-23 0:28 ` Alexei Starovoitov
2014-05-23 8:49 ` Peter Zijlstra
2014-05-23 21:05 ` Kees Cook
2014-05-22 23:05 ` [PATCH v5 4/6] seccomp: move no_new_privs into seccomp Kees Cook
2014-05-22 23:08 ` Andy Lutomirski
2014-05-22 23:05 ` [PATCH v5 5/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_FILTER Kees Cook
2014-05-22 23:05 ` [PATCH v5 6/6] seccomp: add SECCOMP_EXT_ACT_TSYNC and SECCOMP_FILTER_TSYNC Kees Cook
2014-05-22 23:11 ` Andy Lutomirski
2014-05-23 17:05 ` Kees Cook
2014-05-26 19:27 ` Andy Lutomirski
2014-05-27 18:24 ` Kees Cook
2014-05-27 18:40 ` Andy Lutomirski
2014-05-27 18:45 ` Kees Cook
2014-05-27 19:10 ` Andy Lutomirski
2014-05-27 19:23 ` Kees Cook
2014-05-27 19:27 ` Andy Lutomirski
2014-05-27 19:55 ` Kees Cook
2014-06-02 20:53 ` Andy Lutomirski
2014-06-03 0:14 ` Kees Cook
2014-06-03 0:29 ` Andy Lutomirski
2014-06-03 1:09 ` Kees Cook
2014-06-03 1:15 ` Andy Lutomirski
2014-06-03 19:53 ` Kees Cook
2014-06-02 19:47 ` [PATCH v5 0/6] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC Kees Cook
2014-06-02 19:59 ` Andy Lutomirski
2014-06-02 20:06 ` Kees Cook
2014-06-02 21:17 ` Andy Lutomirski
2014-06-02 23:05 ` Kees Cook
2014-06-02 23:08 ` Andy Lutomirski
2014-06-02 23:08 ` Andy Lutomirski
2014-06-03 10:12 ` Michael Kerrisk
2014-06-03 10:12 ` Michael Kerrisk
2014-06-03 23:47 ` Julien Tinnes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1400799936-26499-2-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=athorlton@sgi.com \
--cc=daeseok.youn@gmail.com \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=geert@linux-m68k.org \
--cc=james.l.morris@oracle.com \
--cc=john.stultz@linaro.org \
--cc=juri.lelli@gmail.com \
--cc=lig.fnst@cn.fujitsu.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=raistlin@linux.it \
--cc=rashika.kheria@gmail.com \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.