Re: [PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value

2013-01-14 Thread Corey Bryant



On 01/14/2013 04:45 PM, Paul Moore wrote:
> On Monday, January 07, 2013 12:09:03 PM Corey Bryant wrote:
> > Adds a new return value to seccomp filters that causes an
> > informational kernel message to be printed.  The message
> > includes the system call number and architecture.
> >
> > This can be used to learn the system calls that a process
> > is using.
> >
> > Signed-off-by: Corey Bryant 
>
> Where do things currently stand with this patchset?  It still seems like a
> reasonable addition to me.



Thanks for asking.  I haven't heard anything in response to the v2 
patches.  Does anyone have any comments/thoughts?


--
Regards,
Corey Bryant

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value

2013-01-14 Thread Paul Moore
On Monday, January 07, 2013 12:09:03 PM Corey Bryant wrote:
> Adds a new return value to seccomp filters that causes an
> informational kernel message to be printed.  The message
> includes the system call number and architecture.
> 
> This can be used to learn the system calls that a process
> is using.
> 
> Signed-off-by: Corey Bryant 

Where do things currently stand with this patchset?  It still seems like a
reasonable addition to me.

-- 
paul moore
security and virtualization @ redhat



[PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value

2013-01-07 Thread Corey Bryant
Adds a new return value to seccomp filters that causes an
informational kernel message to be printed.  The message
includes the system call number and architecture.

This can be used to learn the system calls that a process
is using.

Signed-off-by: Corey Bryant 
---
v2:
  - Add arch to message (w...@chromium.org)

 include/uapi/linux/seccomp.h | 1 +
 kernel/seccomp.c | 6 ++
 2 files changed, 7 insertions(+)

diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index ac2dc9f..0086626 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -22,6 +22,7 @@
 #define SECCOMP_RET_TRAP   0x0003U /* disallow and force a SIGSYS */
 #define SECCOMP_RET_ERRNO  0x0005U /* returns an errno */
 #define SECCOMP_RET_TRACE  0x7ff0U /* pass to a tracer or disallow */
+#define SECCOMP_RET_INFO   0x7ff7U /* print info message and allow */
 #define SECCOMP_RET_ALLOW  0x7fffU /* allow */
 
 /* Masks for the return value sections. */
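Review bot: the new SECCOMP_RET_INFO line says what the action does but not where it sits in the precedence order, and the value chosen (between SECCOMP_RET_TRACE and SECCOMP_RET_ALLOW) is exactly what decides that: when a task has several filters attached the lowest return value wins, so 0x7ff7U makes INFO override ALLOW from another filter while still losing to TRACE, ERRNO, TRAP and KILL. That is the right slot for a log-and-allow action, but the comment should say so, e.g. `/* print info message and allow (overrides ALLOW only) */`, and the filter documentation that describes every other return value needs a matching entry stating that the SECCOMP_RET_DATA portion is ignored for this action.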
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 5af44b5..954bb40 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -433,6 +433,12 @@ int __secure_computing(int this_syscall)
goto skip;  /* Explicit request to skip. */
 
return 0;
+   case SECCOMP_RET_INFO:
+   if (printk_ratelimit())
+   pr_info("seccomp: syscall=%d, arch=0x%X\n",
+   this_syscall,
+   syscall_get_arch(current, regs));
+   return 0;
case SECCOMP_RET_ALLOW:
return 0;
case SECCOMP_RET_KILL:
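Review bot: the pr_info() line carries no process identity, so on a machine with more than one filtered task the message cannot be attributed, which defeats the stated purpose of learning which syscalls a given program uses; add the task's pid and comm to the format, e.g. `pr_info("seccomp: syscall=%d, arch=0x%X, pid=%d, comm=%s\n", ...)` with `task_pid_nr(current)` and `current->comm`. Separately, printk_ratelimit() is the single global limit shared by every caller in the kernel, so a noisy unrelated subsystem can suppress these messages (or vice versa); `pr_info_ratelimited()` gives this site its own rate-limit state and shortens the case body to two lines. If the intent is auditing rather than debugging, routing the record through the audit subsystem instead of dmesg would also attach the uid/session context that audit consumers expect.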
-- 
1.7.11.7
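To show how a filter would use the proposed action and how the kernel separates a filter's return value into action and data bits, here is an added example that is not part of the patch or of the kernel tree. It builds a classic-BPF seccomp program that tags openat(2) with SECCOMP_RET_INFO and allows every other syscall on x86-64, then evaluates it with a small user-space interpreter over a constructed struct seccomp_data instead of installing it, so it runs on any kernel, patched or not. The opcode constants, struct layouts, AUDIT_ARCH_X86_64 and the two syscall numbers mirror the upstream headers; SECCOMP_RET_INFO is defined locally as 0x7ff70000U, an assumption that places the patch's 0x7ff7 in the upstream action bits (SECCOMP_RET_ACTION is 0x7fff0000U), and the log line reproduces the patch's format string. The names demo_filter, run_filter, dispatch, demo_filter_ret and demo_dispatch are this example's own.

```c
/* Added example: a user-space model of a seccomp filter that uses the
 * proposed SECCOMP_RET_INFO action.  Nothing here is installed into the
 * kernel; the filter is evaluated by a tiny classic-BPF interpreter. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic BPF opcodes, same values as <linux/filter.h>. */
#define BPF_LD   0x00
#define BPF_W    0x00
#define BPF_ABS  0x20
#define BPF_JMP  0x05
#define BPF_JEQ  0x10
#define BPF_K    0x00
#define BPF_RET  0x06

struct sock_filter {            /* one classic-BPF instruction */
	uint16_t code;
	uint8_t jt, jf;
	uint32_t k;
};
#define BPF_STMT(code, k)         { (uint16_t)(code), 0, 0, (uint32_t)(k) }
#define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), (jt), (jf), (uint32_t)(k) }

/* What the kernel hands the filter, same layout as <linux/seccomp.h>. */
struct seccomp_data {
	int nr;
	uint32_t arch;
	uint64_t instruction_pointer;
	uint64_t args[6];
};

/* Return-value layout from the upstream header: action in the high 16 bits,
 * filter-chosen data in the low 16 bits. */
#define SECCOMP_RET_ACTION 0x7fff0000U
#define SECCOMP_RET_DATA   0x0000ffffU
#define SECCOMP_RET_KILL   0x00000000U
#define SECCOMP_RET_ALLOW  0x7fff0000U
/* Assumption: the patch's 0x7ff7 placed in the action bits. */
#define SECCOMP_RET_INFO   0x7ff70000U

#define AUDIT_ARCH_X86_64  0xc000003eU   /* as in <linux/audit.h> */
#define X86_64_NR_read     0
#define X86_64_NR_openat   257

/* Filter: wrong architecture -> kill; openat -> INFO with data 0x1; else allow. */
static const struct sock_filter demo_filter[] = {
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, X86_64_NR_openat, 0, 1),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_INFO | 0x1),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Minimal interpreter for the three opcodes the filter above uses. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
			   const struct seccomp_data *sd)
{
	uint32_t acc = 0;
	size_t pc;

	for (pc = 0; pc < len; pc++) {
		const struct sock_filter *in = &prog[pc];

		switch (in->code) {
		case BPF_LD | BPF_W | BPF_ABS:
			if (in->k + 4 > sizeof(*sd))   /* out-of-range load */
				return SECCOMP_RET_KILL;
			memcpy(&acc, (const char *)sd + in->k, 4);
			break;
		case BPF_JMP | BPF_JEQ | BPF_K:    /* jt/jf are relative to the next insn */
			pc += (acc == in->k) ? in->jt : in->jf;
			break;
		case BPF_RET | BPF_K:
			return in->k;
		default:   /* the kernel rejects unknown opcodes when the filter is loaded */
			return SECCOMP_RET_KILL;
		}
	}
	return SECCOMP_RET_KILL;   /* fell off the end; also rejected at load time */
}

/* Mirror of the switch in __secure_computing() for the actions modelled here.
 * Returns 0 if the syscall proceeds, -1 if the task would be killed; for INFO
 * the patch's pr_info() line is written to `log` instead of the kernel ring. */
static int dispatch(uint32_t ret, const struct seccomp_data *sd,
		    char *log, size_t loglen)
{
	log[0] = '\0';
	switch (ret & SECCOMP_RET_ACTION) {   /* the data bits never select the action */
	case SECCOMP_RET_INFO:
		snprintf(log, loglen, "seccomp: syscall=%d, arch=0x%X", sd->nr, sd->arch);
		return 0;
	case SECCOMP_RET_ALLOW:
		return 0;
	default:                              /* KILL and any action not modelled */
		return -1;
	}
}

/* Evaluate the demo filter for one constructed syscall entry. */
uint32_t demo_filter_ret(int nr, uint32_t arch)
{
	struct seccomp_data sd = { .nr = nr, .arch = arch };

	return run_filter(demo_filter, sizeof(demo_filter) / sizeof(demo_filter[0]), &sd);
}

int demo_dispatch(int nr, uint32_t arch, char *log, size_t loglen)
{
	struct seccomp_data sd = { .nr = nr, .arch = arch };

	return dispatch(demo_filter_ret(nr, arch), &sd, log, loglen);
}

int main(void)
{
	char log[64];
	int nrs[] = { X86_64_NR_read, X86_64_NR_openat };
	size_t i;

	for (i = 0; i < 2; i++) {
		int rc = demo_dispatch(nrs[i], AUDIT_ARCH_X86_64, log, sizeof(log));
		printf("nr=%d -> rc=%d %s\n", nrs[i], rc, log);
	}
	return 0;
}
```

The architecture check comes first for the same reason real filters do it: syscall numbers differ between ABIs, so a number-only rule written for x86-64 would tag or allow the wrong syscall if the task entered through another ABI. The `ret & SECCOMP_RET_ACTION` mask in dispatch() is why the filter can attach a 16-bit tag (0x1 here) without changing which case the kernel takes.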
