From: Kees Cook <kees.cook@canonical.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Will Drewry <wad@chromium.org>, Ingo Molnar <mingo@elte.hu>,
James Morris <jmorris@namei.org>,
Chris Evans <scarybeasts@gmail.com>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
djm@mindrot.org, segoon@openwall.com, fweisbec@gmail.com,
tglx@linutronix.de, Randy Dunlap <rdunlap@xenotime.net>,
linux-doc@vger.kernel.org, Eric Paris <eparis@redhat.com>,
linux-security-module@vger.kernel.org,
ksummit-2011-discuss@lists.linux-foundation.org
Subject: Re: [PATCH v9 05/13] seccomp_filter: Document what seccomp_filter is and how it works.
Date: Fri, 1 Jul 2011 13:25:38 -0700 [thread overview]
Message-ID: <20110701202538.GN32221@outflux.net> (raw)
In-Reply-To: <1309543448.26417.156.camel@gandalf.stny.rr.com>
On Fri, Jul 01, 2011 at 02:04:08PM -0400, Steven Rostedt wrote:
> On Fri, 2011-07-01 at 11:43 -0500, Will Drewry wrote:
> > On Fri, Jul 1, 2011 at 11:10 AM, Ingo Molnar <mingo@elte.hu> wrote:
>
> > I'd like to be able to move along security for the platform today and
> > not in two years, but if my only chance of any form of this being
> > ACK'd is to write it such that it shares code with perf and has a
> > shiny new ABI, then I'll queue up the work for when I can start trying
> > to tackle it.
>
> As this seems to be dragging on, and does not look to be solved by
> October, I would like to propose this topic for the Kernel Summit in
> Prague. I believe all parties involved may be there, and if not, I will
> push hard to get them there.
>
> Email is not always the best median for discussions. Face to face can
> usually solve things much quicker.
How about we put it in as-is and mark it experimental, and then folks
can discuss improvements to it in Oct after all the API users have had
a chance to play with it? Four months seems like a needless delay to me.
I respect the objections, but it doesn't seem to balance against the
demonstrated need for this feature when faced with a viable working patch
series.
-Kees
--
Kees Cook
Ubuntu Security Team
next prev parent reply other threads:[~2011-07-01 20:26 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-24 0:36 [PATCH v9 01/13] tracing: split out filter initialization and clean up uses Will Drewry
2011-06-24 0:36 ` [PATCH v9 02/13] tracing: split out syscall_trace_enter construction Will Drewry
2011-06-24 0:36 ` [PATCH v9 03/13] seccomp_filter: new mode with configurable syscall filters Will Drewry
2011-06-24 7:30 ` Damien Miller
2011-06-24 20:20 ` Kees Cook
2011-06-24 0:36 ` [PATCH v9 04/13] seccomp_filter: add process state reporting Will Drewry
2011-06-24 0:36 ` [PATCH v9 05/13] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-06-24 7:24 ` Chris Evans
[not found] ` <BANLkTimtYUyXbZjWhjK61B_1WBXE4MoAeA@mail.gmail.com>
2011-06-26 23:20 ` James Morris
2011-06-29 19:13 ` Will Drewry
2011-06-30 1:30 ` James Morris
2011-07-01 11:56 ` Ingo Molnar
2011-07-01 12:56 ` Will Drewry
2011-07-01 13:07 ` Ingo Molnar
2011-07-01 15:46 ` Will Drewry
2011-07-01 16:10 ` Ingo Molnar
2011-07-01 16:43 ` Will Drewry
2011-07-01 18:04 ` Steven Rostedt
2011-07-01 18:09 ` Will Drewry
2011-07-01 18:48 ` Steven Rostedt
2011-07-04 2:19 ` James Morris
2011-07-05 12:40 ` Steven Rostedt
2011-07-05 23:46 ` James Morris
2011-07-06 0:37 ` [Ksummit-2011-discuss] " Ted Ts'o
2011-07-05 23:56 ` Steven Rostedt
2011-07-05 2:54 ` [Ksummit-2011-discuss] " Eugene Teo
2011-07-01 20:25 ` Kees Cook [this message]
2011-07-04 16:09 ` Greg KH
2011-07-01 21:00 ` Ingo Molnar
2011-07-01 21:34 ` Will Drewry
2011-07-05 9:50 ` Ingo Molnar
2011-07-06 18:24 ` Will Drewry
2011-07-05 15:26 ` Vasiliy Kulikov
2011-06-24 0:36 ` [PATCH v9 06/13] x86: add HAVE_SECCOMP_FILTER and seccomp_execve Will Drewry
2011-06-24 0:36 ` [PATCH v9 07/13] arm: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-24 0:36 ` Will Drewry
2011-06-24 0:36 ` [PATCH v9 08/13] microblaze: select HAVE_SECCOMP_FILTER and provide seccomp_execve Will Drewry
2011-06-24 0:36 ` [PATCH v9 09/13] mips: " Will Drewry
2011-06-24 0:36 ` [PATCH v9 10/13] s390: " Will Drewry
2011-06-24 0:36 ` [PATCH v9 11/13] powerpc: " Will Drewry
2011-06-24 0:36 ` Will Drewry
2011-08-30 5:28 ` Benjamin Herrenschmidt
2011-08-30 5:28 ` Benjamin Herrenschmidt
2011-11-28 0:14 ` Benjamin Herrenschmidt
2011-11-28 0:14 ` Benjamin Herrenschmidt
2011-11-28 1:45 ` Will Drewry
2011-11-28 1:45 ` Will Drewry
2011-06-24 0:36 ` [PATCH v9 12/13] sparc: " Will Drewry
2011-06-24 0:36 ` Will Drewry
2011-06-24 0:36 ` [PATCH v9 13/13] sh: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-24 0:36 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110701202538.GN32221@outflux.net \
--to=kees.cook@canonical.com \
--cc=djm@mindrot.org \
--cc=eparis@redhat.com \
--cc=fweisbec@gmail.com \
--cc=jmorris@namei.org \
--cc=ksummit-2011-discuss@lists.linux-foundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rdunlap@xenotime.net \
--cc=rostedt@goodmis.org \
--cc=scarybeasts@gmail.com \
--cc=segoon@openwall.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.