* [GIT PULL] seccomp updates for next
@ 2018-12-12 23:16 Kees Cook
  2018-12-13  0:08 ` James Morris
  0 siblings, 1 reply; 14+ messages in thread
From: Kees Cook @ 2018-12-12 23:16 UTC (permalink / raw)
  To: James Morris; +Cc: linux-kernel, Kees Cook, Serge Hallyn, Tycho Andersen

Hi James,

Please pull these seccomp changes for next.

Thanks!

-Kees

The following changes since commit ccda4af0f4b92f7b4c308d3acc262f4a7e3affad:

  Linux 4.20-rc2 (2018-11-11 17:12:31 -0600)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next

for you to fetch changes up to fec7b6690541b8128663a13c9586b1daf42b0a6c:

  samples: add an example of seccomp user trap (2018-12-11 16:32:11 -0800)

----------------------------------------------------------------
Add SECCOMP_RET_USER_NOTIF

----------------------------------------------------------------
Tycho Andersen (4):
      seccomp: hoist struct seccomp_data recalculation higher
      seccomp: switch system call argument type to void *
      seccomp: add a return code to trap to userspace
      samples: add an example of seccomp user trap

 Documentation/ioctl/ioctl-number.txt           |   1 +
 Documentation/userspace-api/seccomp_filter.rst |  84 +++++
 include/linux/seccomp.h                        |   9 +-
 include/linux/syscalls.h                       |   2 +-
 include/uapi/linux/seccomp.h                   |  40 ++-
 kernel/seccomp.c                               | 468 ++++++++++++++++++++++++-
 samples/seccomp/.gitignore                     |   1 +
 samples/seccomp/Makefile                       |   7 +-
 samples/seccomp/user-trap.c                    | 375 ++++++++++++++++++++
 tools/testing/selftests/seccomp/seccomp_bpf.c  | 447 ++++++++++++++++++++++-
 10 files changed, 1411 insertions(+), 23 deletions(-)
 create mode 100644 samples/seccomp/user-trap.c

-- 
Kees Cook

* [GIT PULL] seccomp updates for next
@ 2017-11-29  0:38 ` Kees Cook
  0 siblings, 0 replies; 14+ messages in thread
From: Kees Cook @ 2017-11-29  0:38 UTC (permalink / raw)
  To: James Morris; +Cc: linux-kernel, linux-security-module, Tycho Andersen

Hi James,

Please pull these seccomp changes for next. This implements an interface
for examining seccomp filter metadata when using CRIU.

Thanks!

-Kees

The following changes since commit 4fbd8d194f06c8a3fd2af1ce560ddb31f7ec8323:

  Linux 4.15-rc1 (2017-11-26 16:01:47 -0800)

are available in the git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next

for you to fetch changes up to 26500475ac1b499d8636ff281311d633909f5d20:

  ptrace, seccomp: add support for retrieving seccomp metadata (2017-11-28 15:41:01 -0800)

----------------------------------------------------------------
add support for retrieving seccomp filter metadata (Tycho Andersen)

----------------------------------------------------------------
Tycho Andersen (2):
      seccomp: hoist out filter resolving logic
      ptrace, seccomp: add support for retrieving seccomp metadata

 include/linux/seccomp.h     |   8 ++++
 include/uapi/linux/ptrace.h |   6 +++
 kernel/ptrace.c             |   4 ++
 kernel/seccomp.c            | 106 +++++++++++++++++++++++++++++++-------------
 4 files changed, 94 insertions(+), 30 deletions(-)

-- 
Kees Cook
Pixel Security

* [GIT PULL] seccomp updates for next
@ 2017-08-15 22:03 ` Kees Cook
  0 siblings, 0 replies; 14+ messages in thread
From: Kees Cook @ 2017-08-15 22:03 UTC (permalink / raw)
  To: James Morris
  Cc: linux-kernel, Andy Lutomirski, Tyler Hicks, linux-security-module

Hi James,

Please pull these seccomp changes for next.

Thanks!

-Kees

The following changes since commit 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9:

  Linux 4.13-rc2 (2017-07-23 16:15:17 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next

for you to fetch changes up to f3e1821d9e1cc3fb434d7763001791dcd6720c90:

  selftests/seccomp: Test thread vs process killing (2017-08-14 13:46:50 -0700)

----------------------------------------------------------------
Major additions:
- sysctl and seccomp operation to discover available actions. (tyhicks)
- new per-filter configurable logging infrastructure and sysctl. (tyhicks)
- SECCOMP_RET_LOG to log allowed syscalls. (tyhicks)
- SECCOMP_RET_KILL_PROCESS as the new strictest possible action.
- self-tests for new behaviors.

----------------------------------------------------------------
Kees Cook (8):
      selftests/seccomp: Add tests for basic ptrace actions
      selftests/seccomp: Add simple seccomp overhead benchmark
      selftests/seccomp: Refactor RET_ERRNO tests
      seccomp: Provide matching filter for introspection
      seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD
      seccomp: Introduce SECCOMP_RET_KILL_PROCESS
      seccomp: Implement SECCOMP_RET_KILL_PROCESS action
      selftests/seccomp: Test thread vs process killing

Tyler Hicks (6):
      seccomp: Sysctl to display available actions
      seccomp: Operation for checking if an action is available
      seccomp: Sysctl to configure actions that are allowed to be logged
      seccomp: Selftest for detection of filter flag support
      seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
      seccomp: Action to log before allowing

 Documentation/networking/filter.txt                |   2 +-
 Documentation/sysctl/kernel.txt                    |   1 +
 Documentation/userspace-api/seccomp_filter.rst     |  52 +-
 include/linux/audit.h                              |   6 +-
 include/linux/seccomp.h                            |   3 +-
 include/uapi/linux/seccomp.h                       |  23 +-
 kernel/seccomp.c                                   | 321 ++++++++++-
 samples/seccomp/bpf-direct.c                       |   4 +-
 samples/seccomp/bpf-helper.h                       |   2 +-
 tools/testing/selftests/seccomp/Makefile           |  18 +-
 .../testing/selftests/seccomp/seccomp_benchmark.c  |  99 ++++
 tools/testing/selftests/seccomp/seccomp_bpf.c      | 610 +++++++++++++++++----
 12 files changed, 1009 insertions(+), 132 deletions(-)
 create mode 100644 tools/testing/selftests/seccomp/seccomp_benchmark.c

-- 
Kees Cook
Pixel Security

* [GIT PULL] seccomp updates for next
@ 2017-06-26 17:02 ` Kees Cook
  0 siblings, 0 replies; 14+ messages in thread
From: Kees Cook @ 2017-06-26 17:02 UTC (permalink / raw)
  To: James Morris; +Cc: linux-security-module, linux-kernel

Hi James,

Please pull these seccomp changes for next. These are all tiny changes,
but I got delayed sending them to you. I'd like to have these land for v4.13;
I should have sent them for v4.12. :P

Thanks!

-Kees

The following changes since commit 08332893e37af6ae779367e78e444f8f9571511d:

  Linux 4.12-rc2 (2017-05-21 19:30:23 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next

for you to fetch changes up to 0b5fa2290637a3235898d18dc0e7a136783f1bd2:

  seccomp: Switch from atomic_t to recount_t (2017-06-26 09:24:00 -0700)

----------------------------------------------------------------
- cleans up some coding style issues
- adjusts selftests to work correctly under Bionic
- switch from atomic_t to refcount_t for usage tracking

----------------------------------------------------------------
Kees Cook (3):
      seccomp: Clean up core dump logic
      seccomp: Adjust selftests to avoid double-join
      seccomp: Switch from atomic_t to recount_t

 kernel/seccomp.c                              | 16 ++++-----
 tools/testing/selftests/seccomp/seccomp_bpf.c | 51 ++++++++++++++++++---------
 2 files changed, 42 insertions(+), 25 deletions(-)

-- 
Kees Cook
Pixel Security
