Re: [PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value
On 01/14/2013 04:45 PM, Paul Moore wrote:
> On Monday, January 07, 2013 12:09:03 PM Corey Bryant wrote:
> > Adds a new return value to seccomp filters that causes an
> > informational kernel message to be printed. The message
> > includes the system call number and architecture.
> >
> > This can be used to learn the system calls that a process
> > is using.
> >
> > Signed-off-by: Corey Bryant
>
> Where do things currently stand with this patchset? It still seems like a
> reasonable addition to me.

Thanks for asking. I haven't heard anything in response to the v2 patches.
Does anyone have any comments/thoughts?

-- 
Regards,
Corey Bryant

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value
On Monday, January 07, 2013 12:09:03 PM Corey Bryant wrote:
> Adds a new return value to seccomp filters that causes an
> informational kernel message to be printed. The message
> includes the system call number and architecture.
>
> This can be used to learn the system calls that a process
> is using.
>
> Signed-off-by: Corey Bryant

Where do things currently stand with this patchset? It still seems like a
reasonable addition to me.

-- 
paul moore
security and virtualization @ redhat
[PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value
Adds a new return value to seccomp filters that causes an informational kernel message to be printed. The message includes the system call number and architecture. This can be used to learn the system calls that a process is using. Signed-off-by: Corey Bryant --- v2: - Add arch to message (w...@chromium.org) include/uapi/linux/seccomp.h | 1 + kernel/seccomp.c | 6 ++ 2 files changed, 7 insertions(+) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index ac2dc9f..0086626 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -22,6 +22,7 @@ #define SECCOMP_RET_TRAP 0x0003U /* disallow and force a SIGSYS */ #define SECCOMP_RET_ERRNO 0x0005U /* returns an errno */ #define SECCOMP_RET_TRACE 0x7ff0U /* pass to a tracer or disallow */ +#define SECCOMP_RET_INFO 0x7ff7U /* print info message and allow */ #define SECCOMP_RET_ALLOW 0x7fffU /* allow */ /* Masks for the return value sections. */ diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 5af44b5..954bb40 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -433,6 +433,12 @@ int __secure_computing(int this_syscall) goto skip; /* Explicit request to skip. */ return 0; + case SECCOMP_RET_INFO: + if (printk_ratelimit()) + pr_info("seccomp: syscall=%d, arch=0x%X\n", + this_syscall, + syscall_get_arch(current, regs)); + return 0; case SECCOMP_RET_ALLOW: return 0; case SECCOMP_RET_KILL: -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
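Review bot: the header hunk places SECCOMP_RET_INFO at 0x7ff7U, between SECCOMP_RET_TRACE (0x7ff0U) and SECCOMP_RET_ALLOW (0x7fffU), and that numeric position is a semantic decision, because seccomp resolves stacked filters by keeping the lowest action value: with these numbers TRACE overrides INFO (a syscall handed to a tracer is never logged) while INFO overrides ALLOW. Nothing in the patch states this; the diffstat touches only the uapi header and kernel/seccomp.c, so please add the new action and its precedence to the seccomp filter documentation next to the existing actions, and extend the header comment ("print info message and allow") to say that the SECCOMP_RET_DATA bits are ignored for this action, since the seccomp.c hunk never reads them.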
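Review bot: in the kernel/seccomp.c hunk, `if (printk_ratelimit())` uses the one rate-limit state shared by every printk_ratelimit() caller in the kernel, so a burst of SECCOMP_RET_INFO lines suppresses unrelated kernel messages and vice versa; `pr_info_ratelimited("seccomp: syscall=%d, arch=0x%X\n", ...)` gives this call site its own state and is what checkpatch asks for. Two points on the message itself: it carries neither pid nor comm, so as soon as two filtered processes run at once the lines cannot be attributed (adding `task_pid_nr(current)` and `current->comm` fixes that cheaply), and because seccomp filters can be installed by unprivileged tasks, this case lets any such task emit kernel log lines at the rate limit, which the commit message should say explicitly, or the report should go through the audit path used for the other actions.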
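The usage the commit message describes, as an added example that is not part of the patch or of the kernel tree: a seccomp-bpf filter that first checks the arch (the reason v2 prints arch in the message is that syscall numbers are per-arch), returns the proposed SECCOMP_RET_INFO for one syscall and SECCOMP_RET_ALLOW for the rest, plus a helper showing how the value chosen for the new action decides precedence among stacked filters. SECCOMP_RET_INFO is defined locally because it never reached a released uapi header; its 0x7ff70000U value, AUDIT_ARCH_X86_64 and __NR_getpid are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: the patch renders the action as 0x7ff7U beside SECCOMP_RET_ALLOW
 * 0x7fffU; the released header keeps actions in the upper 16 bits
 * (SECCOMP_RET_ALLOW is 0x7fff0000U), so the same slot is 0x7ff70000U. */
#ifndef SECCOMP_RET_INFO
#define SECCOMP_RET_INFO 0x7ff70000U
#endif

#define INFO_FILTER_LEN 7

/* Filter program storage, filled by build_info_filter(). */
static struct sock_filter g_insns[INFO_FILTER_LEN];

/* Build a 7-instruction filter:
 *   kill the task if seccomp_data.arch != arch,
 *   return SECCOMP_RET_INFO (log, then allow) if seccomp_data.nr == nr,
 *   return SECCOMP_RET_ALLOW otherwise.
 * Returns the number of instructions written. */
size_t build_info_filter(unsigned int arch, int nr)
{
    size_t i = 0;
    /* A = arch; on match skip one instruction (the kill) */
    g_insns[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                                offsetof(struct seccomp_data, arch));
    g_insns[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, arch, 1, 0);
    g_insns[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    /* A = nr; on mismatch skip one instruction (the INFO return) */
    g_insns[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                                offsetof(struct seccomp_data, nr));
    g_insns[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned int)nr, 0, 1);
    g_insns[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_INFO);
    g_insns[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* k field (constant / return value) of instruction idx, for inspection. */
unsigned int info_filter_k(size_t idx)
{
    return idx < INFO_FILTER_LEN ? g_insns[idx].k : 0;
}

/* Action part of a filter return value, data bits masked off. */
unsigned int seccomp_action(unsigned int ret)
{
    return ret & SECCOMP_RET_ACTION;
}

/* With stacked filters the kernel keeps the lowest action value, so the slot
 * chosen for SECCOMP_RET_INFO means TRACE beats INFO and INFO beats ALLOW. */
unsigned int winning_action(unsigned int a, unsigned int b)
{
    unsigned int x = seccomp_action(a), y = seccomp_action(b);
    return x < y ? x : y;
}

int main(int argc, char **argv)
{
    struct sock_fprog prog;
    size_t n = build_info_filter(AUDIT_ARCH_X86_64, __NR_getpid);

    printf("filter has %zu insns; getpid -> 0x%08x, others -> 0x%08x\n",
           n, info_filter_k(5), info_filter_k(6));

    /* Install only on request: on a kernel without the patch an unknown
     * action falls into the default case and the task is killed with SIGSYS. */
    if (argc > 1 && strcmp(argv[1], "--install") == 0) {
        prog.len = (unsigned short)n;
        prog.filter = g_insns;
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) {
            perror("prctl");
            return 1;
        }
        /* With the patch, dmesg should show "seccomp: syscall=<nr>, arch=0x<arch>" */
        printf("pid %ld, now check dmesg\n", (long)getpid());
    }
    return 0;
}
```

Run without arguments it only builds and describes the filter; `--install` loads it and issues one getpid(), which on a patched kernel produces the message from the seccomp.c hunk and on an unpatched one terminates the process, the behaviour a deployment check for this action has to account for.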