* Adding support for SECCOMP_FILTER
@ 2020-07-21 18:59 John Paul Adrian Glaubitz
2020-07-22 3:13 ` Rob Landley
2020-07-22 23:31 ` John Paul Adrian Glaubitz
0 siblings, 2 replies; 3+ messages in thread
From: John Paul Adrian Glaubitz @ 2020-07-21 18:59 UTC (permalink / raw)
To: linux-sh
Hello!
I recently discovered that the kernel supports seccomp on Linux as support
was added in 2.6.27 [1].
I consequently added SH support to libseccomp [2], only to discover that we
are missing the SECCOMP_FILTER feature. Looking at the changes for PA-RISC [3]
and RISC-V [4], the necessary changes in the kernel seem to be rather modest.
Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
I can see, we just need to implement the part to add syscall filtering.
Adrian
> [1] https://github.com/torvalds/linux/commit/c4637d475170ca0d99973efd07df727012db6cd1
> [2] https://github.com/seccomp/libseccomp/pull/271
> [3] https://github.com/torvalds/linux/commit/910cd32e552ea09caa89cdbe328e468979b030dd
> [4] https://github.com/torvalds/linux/commit/5340627e3fe08030988bdda46dd86cd5d5fb7517
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Adding support for SECCOMP_FILTER
2020-07-21 18:59 Adding support for SECCOMP_FILTER John Paul Adrian Glaubitz
@ 2020-07-22 3:13 ` Rob Landley
2020-07-22 23:31 ` John Paul Adrian Glaubitz
1 sibling, 0 replies; 3+ messages in thread
From: Rob Landley @ 2020-07-22 3:13 UTC (permalink / raw)
To: linux-sh
On 7/21/20 1:59 PM, John Paul Adrian Glaubitz wrote:
> Hello!
>
> I recently discovered that the kernel supports seccomp on Linux as support
> was added in 2.6.27 [1].
>
> I consequently added SH support to libseccomp [2], only to discover that we
> are missing the SECCOMP_FILTER feature. Looking at the changes for PA-RISC [3]
> and RISC-V [4], the necessary changes in the kernel seem to be rather modest.
>
> Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
> I can see, we just need to implement the part to add syscall filtering.
I dunno how much help I'd be (never having used seccomp), but I can try to
reproduce what you do on a second setup? :)
Rob
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Adding support for SECCOMP_FILTER
2020-07-21 18:59 Adding support for SECCOMP_FILTER John Paul Adrian Glaubitz
2020-07-22 3:13 ` Rob Landley
@ 2020-07-22 23:31 ` John Paul Adrian Glaubitz
1 sibling, 0 replies; 3+ messages in thread
From: John Paul Adrian Glaubitz @ 2020-07-22 23:31 UTC (permalink / raw)
To: linux-sh
On 7/21/20 8:59 PM, John Paul Adrian Glaubitz wrote:
> Would anyone be willing to help me to implement SECCOMP_FILTER for SH? From what
> I can see, we just need to implement the part to add syscall filtering.
Patches have been posted by Michael Karcher now to this list.
The seccomp library code is also ready for merging, see [1].
All tests pass as expected, including the live tests (with the exception
of #51 which is broken on all 32-bit targets).
Adrian
> [1] https://github.com/glaubitz/libseccomp/tree/superh
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-22 23:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 18:59 Adding support for SECCOMP_FILTER John Paul Adrian Glaubitz
2020-07-22 3:13 ` Rob Landley
2020-07-22 23:31 ` John Paul Adrian Glaubitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).