From: Linus Torvalds <torvalds@linux-foundation.org> To: Andrew Lutomirski <luto@mit.edu> Cc: Steven Rostedt <rostedt@goodmis.org>, Will Drewry <wad@chromium.org>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Date: Thu, 12 Jan 2012 10:32:59 -0800 [thread overview] Message-ID: <CA+55aFwLoOT-5oRn0k9oErAhTW4hT0_-bMXsn-mf00zcxmHheQ@mail.gmail.com> (raw) In-Reply-To: <CAObL_7HE6_NE79tKASQcAxyvCS_7L=vMqfjvZDbCe99pa2t8Wg@mail.gmail.com> On Thu, Jan 12, 2012 at 10:18 AM, Andrew Lutomirski <luto@mit.edu> wrote: > > Like this? > > http://lkml.indiana.edu/hypermail/linux/kernel/1003.3/01225.html I don't know the execve_nosecurity patches, so the diff makes little sense to me, but yeah, I wouldn't expect it to be more than a couple of lines. Exactly *how* you set the bit etc is not something I care deeply about, prctl seems about as good as anything. > Note that there's a huge can of worms if execve is allowed but > suid/sgid is not: selinux may elevate privileges on exec of pretty > much anything. (I think that this is a really awful idea, but it's in > the kernel, so we're stuck with it.) You can do any amount of crazy things with selinux, but the other side of the coin is that it would also be trivial to teach selinux about this same "restricted environment" bit, and just say that a process with that bit set doesn't get to match whatever selinux privilege escalation rules.. I really don't think this is just about "execve cannot do setuid". I think it's about the process being marked as restricted. So in your patch, I think that "PR_RESTRICT_EXEC" bit is wrong. It should simply be "PR_RESTRICT_ME", and be done with it, and not try to artificially limit it to be some "execve feature", and more think of it as a "this is a process that has *no* extra privileges at all, and can never get them". Linus
WARNING: multiple messages have this Message-ID (diff)
From: Linus Torvalds <torvalds@linux-foundation.org> To: Andrew Lutomirski <luto@mit.edu> Cc: Steven Rostedt <rostedt@goodmis.org>, Will Drewry <wad@chromium.org>, linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Date: Thu, 12 Jan 2012 10:32:59 -0800 [thread overview] Message-ID: <CA+55aFwLoOT-5oRn0k9oErAhTW4hT0_-bMXsn-mf00zcxmHheQ@mail.gmail.com> (raw) In-Reply-To: <CAObL_7HE6_NE79tKASQcAxyvCS_7L=vMqfjvZDbCe99pa2t8Wg@mail.gmail.com> On Thu, Jan 12, 2012 at 10:18 AM, Andrew Lutomirski <luto@mit.edu> wrote: > > Like this? > > http://lkml.indiana.edu/hypermail/linux/kernel/1003.3/01225.html I don't know the execve_nosecurity patches, so the diff makes little sense to me, but yeah, I wouldn't expect it to be more than a couple of lines. Exactly *how* you set the bit etc is not something I care deeply about, prctl seems about as good as anything. > Note that there's a huge can of worms if execve is allowed but > suid/sgid is not: selinux may elevate privileges on exec of pretty > much anything. (I think that this is a really awful idea, but it's in > the kernel, so we're stuck with it.) You can do any amount of crazy things with selinux, but the other side of the coin is that it would also be trivial to teach selinux about this same "restricted environment" bit, and just say that a process with that bit set doesn't get to match whatever selinux privilege escalation rules.. I really don't think this is just about "execve cannot do setuid". I think it's about the process being marked as restricted. So in your patch, I think that "PR_RESTRICT_EXEC" bit is wrong. It should simply be "PR_RESTRICT_ME", and be done with it, and not try to artificially limit it to be some "execve feature", and more think of it as a "this is a process that has *no* extra privileges at all, and can never get them". Linus -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-01-12 18:33 UTC|newest] Thread overview: 409+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-01-11 17:25 [RFC,PATCH 0/2] dynamic seccomp policies (using BPF filters) Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-12 8:53 ` Serge Hallyn 2012-01-12 16:54 ` Will Drewry 2012-01-12 16:54 ` Will Drewry 2012-01-12 14:50 ` Oleg Nesterov 2012-01-12 16:55 ` Will Drewry 2012-01-12 16:55 ` Will Drewry 2012-01-12 15:43 ` Steven Rostedt 2012-01-12 16:14 ` Oleg Nesterov 2012-01-12 16:38 ` Steven Rostedt 2012-01-12 16:47 ` Oleg Nesterov 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:08 ` Will Drewry 2012-01-12 17:30 ` Jamie Lokier 2012-01-12 17:40 ` Steven Rostedt 2012-01-12 17:44 ` Jamie Lokier 2012-01-12 17:56 ` Steven Rostedt 2012-01-12 23:27 ` Alan Cox 2012-01-12 23:38 ` Linus Torvalds 2012-01-12 22:18 ` Will Drewry 2012-01-12 22:18 ` Will Drewry 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 23:00 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:14 ` Andrew Lutomirski 2012-01-12 16:27 ` Steven Rostedt 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 16:51 ` Andrew Lutomirski 2012-01-12 17:09 ` Linus Torvalds 2012-01-12 17:17 ` Steven Rostedt 2012-01-12 18:18 ` Andrew Lutomirski 2012-01-12 18:32 ` Linus Torvalds [this message] 2012-01-12 18:32 ` Linus Torvalds 2012-01-12 18:44 ` Andrew Lutomirski 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 19:08 ` Kyle Moffett 2012-01-12 23:05 ` Eric Paris 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 23:33 ` Andrew Lutomirski 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:40 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:42 ` Will Drewry 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 19:46 ` Andrew Lutomirski 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 20:00 ` Linus Torvalds 2012-01-12 16:59 ` Will Drewry 2012-01-12 16:59 ` Will Drewry 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:22 ` Jamie Lokier 2012-01-12 17:35 ` Will Drewry 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 17:57 ` Jamie Lokier 2012-01-12 18:03 ` Will Drewry 2012-01-12 18:03 ` Will Drewry 2012-01-13 1:34 ` Jamie Lokier 2012-01-13 2:44 ` Indan Zupancic 2012-01-13 6:33 ` Chris Evans 2012-01-13 6:33 ` Chris Evans 2012-01-12 17:36 ` Jamie Lokier 2012-01-12 16:18 ` Alan Cox 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:03 ` Will Drewry 2012-01-12 17:11 ` Alan Cox 2012-01-12 17:52 ` Will Drewry 2012-01-12 17:52 ` Will Drewry 2012-01-13 1:31 ` James Morris 2012-01-12 16:22 ` Oleg Nesterov 2012-01-12 17:10 ` Will Drewry 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:23 ` Oleg Nesterov 2012-01-12 17:51 ` Will Drewry 2012-01-12 17:51 ` Will Drewry 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 17:31 ` Oleg Nesterov 2012-01-13 19:01 ` Will Drewry 2012-01-13 19:01 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:10 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:12 ` Will Drewry 2012-01-13 23:30 ` Eric Paris 2012-01-15 3:40 ` Indan Zupancic 2012-01-16 1:40 ` Will Drewry 2012-01-16 6:49 ` Indan Zupancic 2012-01-16 20:12 ` Will Drewry 2012-01-17 6:46 ` Indan Zupancic 2012-01-17 17:37 ` Will Drewry 2012-01-18 4:06 ` Indan Zupancic 2012-01-18 4:38 ` Will Drewry 2012-01-17 20:34 ` Kees Cook 2012-01-17 20:42 ` Will Drewry 2012-01-17 21:09 ` Will Drewry 2012-01-18 4:47 ` Indan Zupancic 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 18:37 ` Oleg Nesterov 2012-01-16 20:15 ` Will Drewry 2012-01-16 20:15 ` Will Drewry 2012-01-17 16:45 ` Oleg Nesterov 2012-01-17 16:56 ` Will Drewry 2012-01-17 16:56 ` Will Drewry 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:01 ` Andrew Lutomirski 2012-01-17 17:05 ` Oleg Nesterov 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-17 17:45 ` Andrew Lutomirski 2012-01-18 0:56 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Indan Zupancic 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-18 1:01 ` Andrew Lutomirski 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:06 ` Indan Zupancic 2012-01-19 1:19 ` Andrew Lutomirski 2012-01-19 1:47 ` Indan Zupancic 2012-01-18 1:07 ` Roland McGrath 2012-01-18 1:47 ` Indan Zupancic 2012-01-18 1:48 ` Jamie Lokier 2012-01-18 1:50 ` Andi Kleen 2012-01-18 2:00 ` Steven Rostedt 2012-01-18 2:04 ` Jamie Lokier 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:22 ` Andi Kleen 2012-01-18 2:25 ` Andrew Lutomirski 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 4:22 ` Indan Zupancic 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 5:23 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 6:25 ` Linus Torvalds 2012-01-18 13:12 ` Compat 32-bit syscall entry from 64-bit task!? Indan Zupancic 2012-01-18 13:12 ` Indan Zupancic 2012-01-18 19:31 ` Linus Torvalds 2012-01-18 19:31 ` Linus Torvalds 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:36 ` Andi Kleen 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:39 ` Linus Torvalds 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:44 ` Andi Kleen 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:47 ` Linus Torvalds 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:52 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:58 ` Will Drewry 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:41 ` Martin Mares 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-18 19:38 ` Andrew Lutomirski 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:01 ` Jamie Lokier 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 16:13 ` Andrew Lutomirski 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:21 ` Linus Torvalds 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:30 ` Andrew Lutomirski 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:37 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 19:41 ` Linus Torvalds 2012-01-19 23:54 ` Jamie Lokier 2012-01-19 23:54 ` Jamie Lokier 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 0:05 ` Linus Torvalds 2012-01-20 15:35 ` Will Drewry 2012-01-20 15:35 ` Will Drewry 2012-01-20 17:56 ` Roland McGrath 2012-01-20 17:56 ` Roland McGrath 2012-01-20 19:45 ` Will Drewry 2012-01-20 19:45 ` Will Drewry 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:26 ` Linus Torvalds 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 20:55 ` H. Peter Anvin 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:01 ` Linus Torvalds 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:04 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:21 ` H. Peter Anvin 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:51 ` Roland McGrath 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 21:53 ` H. Peter Anvin 2012-01-18 23:28 ` Linus Torvalds 2012-01-18 23:28 ` Linus Torvalds 2012-01-19 0:38 ` H. Peter Anvin 2012-01-19 0:38 ` H. Peter Anvin 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 21:51 ` Denys Vlasenko 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:40 ` Roland McGrath 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 22:41 ` H. Peter Anvin 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:49 ` Indan Zupancic 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:55 ` Roland McGrath 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-20 23:58 ` hpanvin@gmail.com 2012-01-23 2:14 ` Indan Zupancic 2012-01-23 2:14 ` Indan Zupancic 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:07 ` Denys Vlasenko 2012-01-21 0:10 ` Roland McGrath 2012-01-21 0:10 ` Roland McGrath 2012-01-21 1:23 ` Jamie Lokier 2012-01-21 1:23 ` Jamie Lokier 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 2:37 ` Indan Zupancic 2012-01-23 16:48 ` Oleg Nesterov 2012-01-23 16:48 ` Oleg Nesterov 2012-01-24 8:19 ` Indan Zupancic 2012-01-24 8:19 ` Indan Zupancic 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:30 ` H. Peter Anvin 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:39 ` Roland McGrath 2012-02-06 20:42 ` H. Peter Anvin 2012-02-06 20:42 ` H. Peter Anvin 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:26 ` Linus Torvalds 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:30 ` H. Peter Anvin 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:42 ` Linus Torvalds 2012-01-18 21:47 ` H. Peter Anvin 2012-01-18 21:47 ` H. Peter Anvin 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 1:45 ` Indan Zupancic 2012-01-19 2:16 ` H. Peter Anvin 2012-01-19 2:16 ` H. Peter Anvin 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 8:32 ` Indan Zupancic 2012-02-06 17:02 ` H. Peter Anvin 2012-02-06 17:02 ` H. Peter Anvin 2012-02-07 1:52 ` Indan Zupancic 2012-02-07 1:52 ` Indan Zupancic 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 0:19 ` H. Peter Anvin 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:20 ` Indan Zupancic 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 4:29 ` H. Peter Anvin 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 6:03 ` Indan Zupancic 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 14:47 ` H. Peter Anvin 2012-02-09 16:00 ` H.J. Lu 2012-02-09 16:00 ` H.J. Lu 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:09 ` Indan Zupancic 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 1:15 ` H. Peter Anvin 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:29 ` Indan Zupancic 2012-02-10 2:47 ` H. Peter Anvin 2012-02-10 2:47 ` H. Peter Anvin [not found] ` <cc95fcf4b1c28ee6f73e373d04593634.squirrel@webmail.greenhost.nl> 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 15:53 ` H. Peter Anvin 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:42 ` Indan Zupancic 2012-02-10 22:56 ` H. Peter Anvin 2012-02-10 22:56 ` H. Peter Anvin 2012-02-12 12:07 ` Indan Zupancic 2012-02-12 12:07 ` Indan Zupancic 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 19:36 ` Oleg Nesterov 2012-01-25 20:20 ` Pedro Alves 2012-01-25 20:20 ` Pedro Alves 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:36 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-25 23:32 ` Denys Vlasenko 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 0:40 ` Indan Zupancic 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:08 ` Jamie Lokier 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 1:22 ` Denys Vlasenko 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 6:34 ` Indan Zupancic 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:31 ` Jamie Lokier 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 10:40 ` Denys Vlasenko 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 11:01 ` Jamie Lokier 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 14:02 ` Denys Vlasenko 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:19 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:20 ` Indan Zupancic 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 11:47 ` Jamie Lokier 2012-01-26 14:05 ` Denys Vlasenko 2012-01-26 14:05 ` Denys Vlasenko 2012-01-27 7:23 ` Indan Zupancic 2012-01-27 7:23 ` Indan Zupancic 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 2:02 ` Jamie Lokier 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 3:37 ` Indan Zupancic 2012-02-10 21:19 ` Denys Vlasenko 2012-02-10 21:19 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 1:09 ` Denys Vlasenko 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 3:47 ` Linus Torvalds 2012-01-26 18:03 ` Denys Vlasenko 2012-01-26 18:03 ` Denys Vlasenko 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-08 23:41 ` Dmitry V. Levin 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-09 4:39 ` Andrew Lutomirski 2017-03-14 2:57 ` Dmitry V. Levin 2017-03-14 2:57 ` Dmitry V. Levin 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 5:57 ` Indan Zupancic 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 0:59 ` Jamie Lokier 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 1:21 ` Denys Vlasenko 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:23 ` Pedro Alves 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 8:53 ` Denys Vlasenko 2012-01-26 9:51 ` Pedro Alves 2012-01-26 9:51 ` Pedro Alves 2012-01-26 18:44 ` Oleg Nesterov 2012-01-26 18:44 ` Oleg Nesterov 2012-02-10 2:51 ` Jamie Lokier 2012-02-10 2:51 ` Jamie Lokier 2012-01-18 15:04 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Eric Paris 2012-01-18 15:04 ` Eric Paris 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 17:51 ` Linus Torvalds 2012-01-18 5:43 ` Chris Evans 2012-01-18 5:43 ` Chris Evans 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 12:12 ` Indan Zupancic 2012-01-18 21:13 ` Chris Evans 2012-01-18 21:13 ` Chris Evans 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 0:14 ` Indan Zupancic 2012-01-19 8:16 ` Chris Evans 2012-01-19 8:16 ` Chris Evans 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 11:34 ` Indan Zupancic 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 16:11 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-19 15:40 ` Jamie Lokier 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:00 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 17:12 ` Oleg Nesterov 2012-01-18 21:09 ` Chris Evans 2012-01-18 21:09 ` Chris Evans 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 16:56 ` Oleg Nesterov 2012-01-23 22:23 ` Chris Evans 2012-01-23 22:23 ` Chris Evans 2012-02-07 11:45 ` Indan Zupancic 2012-02-07 11:45 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-19 0:29 ` Indan Zupancic 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:27 ` Linus Torvalds 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:31 ` Andi Kleen 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 2:46 ` Linus Torvalds 2012-01-18 14:06 ` Martin Mares 2012-01-18 14:06 ` Martin Mares 2012-01-18 18:24 ` Andi Kleen 2012-01-18 18:24 ` Andi Kleen 2012-01-19 16:04 ` Jamie Lokier 2012-01-19 16:04 ` Jamie Lokier 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:21 ` Indan Zupancic 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 0:53 ` Linus Torvalds 2012-01-20 2:02 ` Indan Zupancic 2012-01-20 2:02 ` Indan Zupancic 2012-01-17 17:06 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry 2012-01-17 17:06 ` Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-17 19:35 ` Will Drewry 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-12 17:02 ` Andrew Lutomirski 2012-01-16 20:28 ` Will Drewry 2012-01-16 20:28 ` Will Drewry 2012-01-11 17:25 ` [RFC,PATCH 2/2] Documentation: prctl/seccomp_filter Will Drewry 2012-01-11 20:03 ` Jonathan Corbet 2012-01-11 20:10 ` Will Drewry 2012-01-11 20:10 ` Will Drewry 2012-01-11 23:19 ` [PATCH v2 " Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 0:29 ` Will Drewry 2012-01-12 18:16 ` Randy Dunlap 2012-01-12 17:23 ` Will Drewry 2012-01-12 17:34 ` Steven Rostedt 2012-01-12 13:13 ` [RFC,PATCH " Łukasz Sowa 2012-01-12 17:25 ` Will Drewry 2012-01-12 17:25 ` Will Drewry
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CA+55aFwLoOT-5oRn0k9oErAhTW4hT0_-bMXsn-mf00zcxmHheQ@mail.gmail.com \ --to=torvalds@linux-foundation.org \ --cc=ak@linux.intel.com \ --cc=akpm@linux-foundation.org \ --cc=amwang@redhat.com \ --cc=avi@redhat.com \ --cc=borislav.petkov@amd.com \ --cc=coreyb@linux.vnet.ibm.com \ --cc=daniel.lezcano@free.fr \ --cc=dhowells@redhat.com \ --cc=djm@mindrot.org \ --cc=dlaor@redhat.com \ --cc=eparis@redhat.com \ --cc=eric.dumazet@gmail.com \ --cc=gregkh@suse.de \ --cc=jmorris@namei.org \ --cc=john.johansen@canonical.com \ --cc=keescook@chromium.org \ --cc=khilman@ti.com \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=luto@mit.edu \ --cc=mhalcrow@google.com \ --cc=mingo@elte.hu \ --cc=oleg@redhat.com \ --cc=olofj@chromium.org \ --cc=penberg@cs.helsinki.fi \ --cc=pmoore@redhat.com \ --cc=rostedt@goodmis.org \ --cc=scarybeasts@gmail.com \ --cc=segoon@openwall.com \ --cc=serge.hallyn@canonical.com \ --cc=viro@zeniv.linux.org.uk \ --cc=wad@chromium.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.