User: Password:
|
|
Subscribe / Log in / New account

seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC

From:  Kees Cook <keescook@chromium.org>
To:  linux-kernel@vger.kernel.org
Subject:  [PATCH v2 0/3] seccomp: add PR_SECCOMP_EXT and SECCOMP_EXT_ACT_TSYNC
Date:  Thu, 17 Apr 2014 11:05:01 -0700
Message-ID:  <1397757904-30665-1-git-send-email-keescook@chromium.org>
Cc:  John Johansen <john.johansen@canonical.com>, Kees Cook <keescook@chromium.org>, Oleg Nesterov <oleg@redhat.com>, Andy Lutomirski <luto@amacapital.net>, Will Drewry <wad@chromium.org>, Julien Tinnes <jln@chromium.org>, linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org
Archive-link:  Article

This adds the ability for threads to request seccomp filter 
synchronization across their thread group. To support this, 
seccomp locking on writes is introduced, along with refactoring
of no_new_privs. Races with thread creation are handled via the
tasklist_list. 

I think all the concerns raised during the discussion[1] of the first
version of this patch have been addressed. However, the races involved
have tricked me before. :)

Thanks!

-Kees

[1] https://lkml.org/lkml/2014/1/13/795

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds