* [GIT PULL] seccomp updates for next
From: Kees Cook @ 2017-06-26 17:02 UTC
To: James Morris; +Cc: linux-security-module, linux-kernel
Hi James,
Please pull these seccomp changes for next. These are all tiny changes,
but I got delayed sending them to you. I'd like to have these land for v4.13;
I should have sent them for v4.12. :P
Thanks!
-Kees
The following changes since commit 08332893e37af6ae779367e78e444f8f9571511d:
Linux 4.12-rc2 (2017-05-21 19:30:23 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next
for you to fetch changes up to 0b5fa2290637a3235898d18dc0e7a136783f1bd2:
seccomp: Switch from atomic_t to recount_t (2017-06-26 09:24:00 -0700)
----------------------------------------------------------------
- cleans up some coding style issues
- adjusts selftests to work correctly under Bionic
- switch from atomic_t to refcount_t for usage tracking
----------------------------------------------------------------
Kees Cook (3):
seccomp: Clean up core dump logic
seccomp: Adjust selftests to avoid double-join
seccomp: Switch from atomic_t to recount_t
kernel/seccomp.c | 16 ++++-----
tools/testing/selftests/seccomp/seccomp_bpf.c | 51 ++++++++++++++++++---------
2 files changed, 42 insertions(+), 25 deletions(-)
--
Kees Cook
Pixel Security
* Re: [GIT PULL] seccomp updates for next
From: James Morris @ 2017-06-27 3:27 UTC
To: Kees Cook; +Cc: linux-security-module, linux-kernel
On Mon, 26 Jun 2017, Kees Cook wrote:
> Hi James,
>
> Please pull these seccomp changes for next. These are all tiny changes,
> but I got delayed sending them to you. I'd like to have these land for v4.13;
> I should have sent them for v4.12. :P
Pulled to -next, thanks.
--
James Morris
<jmorris@namei.org>
* Re: [GIT PULL] seccomp updates for next
From: James Morris @ 2018-12-13 0:08 UTC
To: Kees Cook; +Cc: linux-kernel, Serge Hallyn, Tycho Andersen
On Wed, 12 Dec 2018, Kees Cook wrote:
> Hi James,
>
> Please pull these seccomp changes for next.
>
Pulled to next-seccomp and next-testing in:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
--
James Morris
<jmorris@namei.org>
* [GIT PULL] seccomp updates for next
From: Kees Cook @ 2018-12-12 23:16 UTC
To: James Morris; +Cc: linux-kernel, Kees Cook, Serge Hallyn, Tycho Andersen
Hi James,
Please pull these seccomp changes for next.
Thanks!
-Kees
The following changes since commit ccda4af0f4b92f7b4c308d3acc262f4a7e3affad:
Linux 4.20-rc2 (2018-11-11 17:12:31 -0600)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next
for you to fetch changes up to fec7b6690541b8128663a13c9586b1daf42b0a6c:
samples: add an example of seccomp user trap (2018-12-11 16:32:11 -0800)
----------------------------------------------------------------
Add SECCOMP_RET_USER_NOTIF
----------------------------------------------------------------
Tycho Andersen (4):
seccomp: hoist struct seccomp_data recalculation higher
seccomp: switch system call argument type to void *
seccomp: add a return code to trap to userspace
samples: add an example of seccomp user trap
Documentation/ioctl/ioctl-number.txt | 1 +
Documentation/userspace-api/seccomp_filter.rst | 84 +++++
include/linux/seccomp.h | 9 +-
include/linux/syscalls.h | 2 +-
include/uapi/linux/seccomp.h | 40 ++-
kernel/seccomp.c | 468 ++++++++++++++++++++++++-
samples/seccomp/.gitignore | 1 +
samples/seccomp/Makefile | 7 +-
samples/seccomp/user-trap.c | 375 ++++++++++++++++++++
tools/testing/selftests/seccomp/seccomp_bpf.c | 447 ++++++++++++++++++++++-
10 files changed, 1411 insertions(+), 23 deletions(-)
create mode 100644 samples/seccomp/user-trap.c
--
Kees Cook
* Re: [GIT PULL] seccomp updates for next
From: James Morris @ 2017-11-29 1:55 UTC
To: Kees Cook; +Cc: linux-kernel, linux-security-module, Tycho Andersen
On Tue, 28 Nov 2017, Kees Cook wrote:
> Hi James,
>
> Please pull these seccomp changes for next. This implements an interface
> for examining seccomp filter metadata when using CRIU.
>
Applied to next-testing and next-seccomp at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
--
James Morris
<james.l.morris@oracle.com>
* [GIT PULL] seccomp updates for next
From: Kees Cook @ 2017-11-29 0:38 UTC
To: James Morris; +Cc: linux-kernel, linux-security-module, Tycho Andersen
Hi James,
Please pull these seccomp changes for next. This implements an interface
for examining seccomp filter metadata when using CRIU.
Thanks!
-Kees
The following changes since commit 4fbd8d194f06c8a3fd2af1ce560ddb31f7ec8323:
Linux 4.15-rc1 (2017-11-26 16:01:47 -0800)
are available in the git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next
for you to fetch changes up to 26500475ac1b499d8636ff281311d633909f5d20:
ptrace, seccomp: add support for retrieving seccomp metadata (2017-11-28 15:41:01 -0800)
----------------------------------------------------------------
add support for retrieving seccomp filter metadata (Tycho Andersen)
----------------------------------------------------------------
Tycho Andersen (2):
seccomp: hoist out filter resolving logic
ptrace, seccomp: add support for retrieving seccomp metadata
include/linux/seccomp.h | 8 ++++
include/uapi/linux/ptrace.h | 6 +++
kernel/ptrace.c | 4 ++
kernel/seccomp.c | 106 +++++++++++++++++++++++++++++++-------------
4 files changed, 94 insertions(+), 30 deletions(-)
--
Kees Cook
Pixel Security
* Re: [GIT PULL] seccomp updates for next
From: James Morris @ 2017-08-16 2:33 UTC
To: Kees Cook
Cc: James Morris, linux-kernel, Andy Lutomirski, Tyler Hicks,
linux-security-module
On Tue, 15 Aug 2017, Kees Cook wrote:
> Hi James,
>
> Please pull these seccomp changes for next.
>
Pulled to -next, thanks!
--
James Morris
<jmorris@namei.org>
* [GIT PULL] seccomp updates for next
From: Kees Cook @ 2017-08-15 22:03 UTC
To: James Morris
Cc: linux-kernel, Andy Lutomirski, Tyler Hicks, linux-security-module
Hi James,
Please pull these seccomp changes for next.
Thanks!
-Kees
The following changes since commit 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9:
Linux 4.13-rc2 (2017-07-23 16:15:17 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-next
for you to fetch changes up to f3e1821d9e1cc3fb434d7763001791dcd6720c90:
selftests/seccomp: Test thread vs process killing (2017-08-14 13:46:50 -0700)
----------------------------------------------------------------
Major additions:
- sysctl and seccomp operation to discover available actions. (tyhicks)
- new per-filter configurable logging infrastructure and sysctl. (tyhicks)
- SECCOMP_RET_LOG to log allowed syscalls. (tyhicks)
- SECCOMP_RET_KILL_PROCESS as the new strictest possible action.
- self-tests for new behaviors.
----------------------------------------------------------------
Kees Cook (8):
selftests/seccomp: Add tests for basic ptrace actions
selftests/seccomp: Add simple seccomp overhead benchmark
selftests/seccomp: Refactor RET_ERRNO tests
seccomp: Provide matching filter for introspection
seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD
seccomp: Introduce SECCOMP_RET_KILL_PROCESS
seccomp: Implement SECCOMP_RET_KILL_PROCESS action
selftests/seccomp: Test thread vs process killing
Tyler Hicks (6):
seccomp: Sysctl to display available actions
seccomp: Operation for checking if an action is available
seccomp: Sysctl to configure actions that are allowed to be logged
seccomp: Selftest for detection of filter flag support
seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
seccomp: Action to log before allowing
Documentation/networking/filter.txt | 2 +-
Documentation/sysctl/kernel.txt | 1 +
Documentation/userspace-api/seccomp_filter.rst | 52 +-
include/linux/audit.h | 6 +-
include/linux/seccomp.h | 3 +-
include/uapi/linux/seccomp.h | 23 +-
kernel/seccomp.c | 321 ++++++++++-
samples/seccomp/bpf-direct.c | 4 +-
samples/seccomp/bpf-helper.h | 2 +-
tools/testing/selftests/seccomp/Makefile | 18 +-
.../testing/selftests/seccomp/seccomp_benchmark.c | 99 ++++
tools/testing/selftests/seccomp/seccomp_bpf.c | 610 +++++++++++++++++----
12 files changed, 1009 insertions(+), 132 deletions(-)
create mode 100644 tools/testing/selftests/seccomp/seccomp_benchmark.c
--
Kees Cook
Pixel Security