09:09PM +0100, Christian Brauner wrote:
> > > > On Sat, Feb 20, 2021 at 01:31:57AM -0800, Sargun Dhillon wrote:
> > > > > We've run into a problem where attaching a filter can be quite messy
> > > > > business because the filter itself intercepts sendmsg, and o
7202-1-sar...@sargun.me/
[2]: https://lore.kernel.org/lkml/202012011322.26DCBC64F2@keescook/
Rodrigo Campos (1):
seccomp: Support atomic "addfd + send reply"
Sargun Dhillon (4):
seccomp: Refactor notification handler to prepare for new semantics
seccomp: Add wait_killable semantic to s
addfd calls prior to returning to userspace.
Signed-off-by: Sargun Dhillon
---
kernel/seccomp.c | 30 --
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 952dc1c90229..b48fb0a29455 100644
--- a/kernel/seccomp.c
it is only killable by terminating signals as opposed to all
signals. The process can still be terminated before the supervisor receives
the notification.
Signed-off-by: Sargun Dhillon
[1]: https://github.com/golang/go/issues/24543
---
.../userspace-api/seccomp_filter.rst | 15 +++---
include
-by: Sargun Dhillon
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 64 +++
1 file changed, 64 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 26c72f2b61b1..48ad53030d5a 100644
--- a/tools/testing
l.org/lkml/202012011322.26DCBC64F2@keescook/
Signed-off-by: Rodrigo Campos
Signed-off-by: Sargun Dhillon
---
include/uapi/linux/seccomp.h | 1 +
kernel/seccomp.c | 49 +---
2 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/include/uapi/linux/seccomp.h
This just adds a test to verify that when using the newly introduced flag
to ADDFD, a valid fd is added and returned as the syscall result.
Signed-off-by: Rodrigo Campos
Signed-off-by: Sargun Dhillon
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 38 +++
1 file changed, 38
We've run into a problem where attaching a filter can be quite messy
business because the filter itself intercepts sendmsg, and other
syscalls related to exfiltrating the listener FD. I believe that this
problem set has been brought up before, and although there are
"simpler" methods of
-by: Sargun Dhillon
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 60 +++
1 file changed, 60 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 26c72f2b61b1..a8ef4558d673 100644
--- a/tools/testing
it is only killable by terminating signals as opposed to all
signals.
Signed-off-by: Sargun Dhillon
[1]: https://github.com/golang/go/issues/24543
---
include/uapi/linux/seccomp.h | 10 ++
kernel/seccomp.c | 35 +--
2 files changed, 39 insertions
ashed down, but it's split out for easier review.
Sargun Dhillon (3):
seccomp: Refactor notification handler to prepare for new semantics
seccomp: Add wait_killable semantic to seccomp user notifier
selftests/seccomp: Add test for wait killable notifier
include/uapi/linux/seccomp.h
On Mon, Dec 28, 2020 at 9:26 AM Jeff Layton wrote:
>
> On Mon, 2020-12-28 at 15:56 +0000, Matthew Wilcox wrote:
> > On Mon, Dec 28, 2020 at 08:25:50AM -0500, Jeff Layton wrote:
> > > To be clear, the main thing you'll lose with the method above is the
> > > ability to see an unseen error on a
On Thu, Dec 24, 2020 at 11:32:55AM +0200, Amir Goldstein wrote:
> On Wed, Dec 23, 2020 at 10:44 PM Matthew Wilcox wrote:
> >
> > On Wed, Dec 23, 2020 at 08:21:41PM +0000, Sargun Dhillon wrote:
> > > On Wed, Dec 23, 2020 at 08:07:46PM +0000, Matthew Wilcox wrote:
> >
On Wed, Dec 23, 2020 at 08:07:46PM +0000, Matthew Wilcox wrote:
> On Wed, Dec 23, 2020 at 07:29:41PM +0000, Sargun Dhillon wrote:
> > On Wed, Dec 23, 2020 at 06:50:44PM +0000, Matthew Wilcox wrote:
> > > On Wed, Dec 23, 2020 at 06:20:27PM +0000, Sargun Dhillon wrote:
On Wed, Dec 23, 2020 at 06:50:44PM +0000, Matthew Wilcox wrote:
> On Wed, Dec 23, 2020 at 06:20:27PM +0000, Sargun Dhillon wrote:
> > I fail to see why this is necessary if you incorporate error reporting
> > into the
> > sync_fs callback. Why is this separate from that ca
On Mon, Dec 21, 2020 at 02:50:55PM -0500, Vivek Goyal wrote:
> Currently syncfs() and fsync() seem to be two interfaces which check and
> return writeback errors on superblock to user space. fsync() should
> work fine with overlayfs as it relies on underlying filesystem to
> do the check and
of the
container,
or safely triggered outside, with the requisite context to do the right
mapping. * Handle whatever refactoring needs to be done in net/sunrpc.
Signed-off-by: Sargun Dhillon
Tested-by: Alban Crequy
---
fs/nfs/nfs4client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion
ca...@hammerspace.com/
[2]: https://lore.kernel.org/linux-nfs/20201112100952.3514-1-sar...@sargun.me/
Sargun Dhillon (2):
NFS: NFSv2/NFSv3: Use cred from fs_context during mount
NFSv4: Refactor to use user namespaces for nfs4idmap
fs/nfs/client.c | 4 ++--
fs/nfs/nfs4client.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--
2.25.1
-by: Sargun Dhillon
Tested-by: Alban Crequy
---
fs/nfs/client.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 4b8cc93913f7..1e6f3b3ed445 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -571,7 +571,7 @@ static int
On Tue, Dec 01, 2020 at 07:41:05AM -0500, Tycho Andersen wrote:
> On Mon, Nov 30, 2020 at 06:20:09PM -0500, Tycho Andersen wrote:
> > Idea 1 sounds best to me, but maybe that's because it's the way I
> > originally did the fd support that never landed :)
> >
> > But here's an Idea 4: we add a way
On Mon, Nov 30, 2020 at 06:20:09PM -0500, Tycho Andersen wrote:
> Hi,
>
> On Thu, Nov 26, 2020 at 02:09:33PM +0100, Alban Crequy wrote:
> > Hi,
> >
> > With the addfd feature (added in “seccomp: Introduce addfd ioctl to
> > seccomp user notifier”, commit 7cf97b125455), the new file is
> >
On Thu, Nov 12, 2020 at 02:09:50AM -0800, Sargun Dhillon wrote:
> Right now, it is possible to mount NFS with a non-matching super block
> user ns, and NFS sunrpc user ns. This (for the user) results in an awkward
> set of interactions if using anything other than auth_null, where
ur is for UIDs to be plumbed through entirely, where the user
namespace's UIDs are what is sent over the wire, and not the init user ns.
[1]:
https://lore.kernel.org/linux-nfs/8feccf45f6575a204da03e796391cc135283eb88.ca...@hammerspace.com/
Sargun Dhillon (2):
NFS: NFSv2/NFSv3: Use cred from fs_
On Thu, Nov 12, 2020 at 12:30:56AM +0000, Sargun Dhillon wrote:
> On Wed, Nov 11, 2020 at 08:03:18PM +0000, Trond Myklebust wrote:
> > On Wed, 2020-11-11 at 18:57 +0000, Sargun Dhillon wrote:
> > > On Wed, Nov 11, 2020 at 02:38:11PM +0000, Trond Myklebust wrote:
On Wed, Nov 11, 2020 at 08:03:18PM +0000, Trond Myklebust wrote:
> On Wed, 2020-11-11 at 18:57 +0000, Sargun Dhillon wrote:
> > On Wed, Nov 11, 2020 at 02:38:11PM +0000, Trond Myklebust wrote:
> > > On Wed, 2020-11-11 at 11:12 +0000, Sargun Dhillon wrote:
> > >
On Wed, Nov 11, 2020 at 02:38:11PM +0000, Trond Myklebust wrote:
> On Wed, 2020-11-11 at 11:12 +0000, Sargun Dhillon wrote:
> > On Tue, Nov 10, 2020 at 08:12:01PM +0000, Trond Myklebust wrote:
> > > On Tue, 2020-11-10 at 17:43 +0100, Alban Crequy wrote:
> > > >
On Tue, Nov 10, 2020 at 08:12:01PM +0000, Trond Myklebust wrote:
> On Tue, 2020-11-10 at 17:43 +0100, Alban Crequy wrote:
> > Hi,
> >
> > I tested the patches on top of 5.10.0-rc3+ and I could mount an NFS
> > share with a different user namespace. fsopen() is done in the
> > container namespaces
On Mon, Nov 02, 2020 at 09:37:04PM +0100, Jann Horn wrote:
> At the moment, the seccomp notifier API is hard to use without combining
> it with APIs like poll() or epoll(); if all target processes have gone
> away, the polling APIs will raise an error indication on the file
> descriptor, but
On Mon, Nov 02, 2020 at 05:50:33PM +0100, Alexey Gladkov wrote:
> Add a new prctl to change the user namespace in which the process
> counter is located. A pointer to the user namespace is in cred struct
> to be inherited by all child processes.
>
> Signed-off-by: Alexey Gladkov
> ---
>
On Mon, Nov 2, 2020 at 11:45 AM Michael Kerrisk (man-pages) wrote:
>
> Hello Sargun,
>
> Thanks for your reply!
>
> On 11/2/20 9:07 AM, Sargun Dhillon wrote:
> > On Sat, Oct 31, 2020 at 9:27 AM Michael Kerrisk (man-pages)
> > wrote:
> >>
-by: Sargun Dhillon
---
fs/nfs/client.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 4b8cc93913f7..c3afe448a512 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -571,7 +571,7 @@ static int nfs_start_lockd(struct
to do the right
mapping.
* Handle whatever refactoring needs to be done in net/sunrpc.
Signed-off-by: Sargun Dhillon
---
fs/nfs/nfs4client.c | 27 ++-
fs/nfs/nfs4idmap.c | 2 +-
fs/nfs/nfs4idmap.h | 3 ++-
3 files changed, 29 insertions(+), 3 deletions(-)
diff --git
ebase atop Anna's tree
Changes since v2:
* Removed samples
* Split out NFSv2/v3 patchset from NFSv4 patchset
* Added restrictions around use
Changes since v1:
* Added samples
Sargun Dhillon (2):
NFS: NFSv2/NFSv3: Use cred from fs_context during mount
NFSv4: Refactor NFS to use user names
On Sat, Oct 31, 2020 at 9:27 AM Michael Kerrisk (man-pages) wrote:
>
> Hello Sargun,
>
> Thanks for your reply.
>
> On 10/30/20 9:27 PM, Sargun Dhillon wrote:
> > On Thu, Oct 29, 2020 at 09:37:21PM +0100, Michael Kerrisk (man-pages)
> > wrote:
>
> [...]
On Thu, Oct 29, 2020 at 09:37:21PM +0100, Michael Kerrisk (man-pages) wrote:
> Hello Sargun,
>
> On 10/29/20 9:53 AM, Sargun Dhillon wrote:
> > On Mon, Oct 26, 2020 at 10:55:04AM +0100, Michael Kerrisk (man-pages) wrote:
>
> [...]
>
> >>ioctl(2) operations
On Mon, Oct 26, 2020 at 10:55:04AM +0100, Michael Kerrisk (man-pages) wrote:
> Hi all (and especially Tycho and Sargun),
>
> Following review comments on the first draft (thanks to Jann, Kees,
> Christian and Tycho), I've made a lot of changes to this page.
> I've also added a few FIXMEs relating
On Wed, Oct 28, 2020 at 03:47:27PM -0700, Kees Cook wrote:
> On Wed, Oct 28, 2020 at 12:18:47PM +0100, Camille Mougey wrote:
> > (This is my first message to the kernel list, I hope I'm doing it right)
>
> Looks good to me! The key was CCing real people. ;)
>
> > From my understanding, there is
On Wed, Oct 28, 2020 at 2:43 AM Jann Horn wrote:
>
> On Wed, Oct 28, 2020 at 7:32 AM Sargun Dhillon wrote:
> > On Tue, Oct 27, 2020 at 3:28 AM Jann Horn wrote:
> > > On Tue, Oct 27, 2020 at 7:14 AM Michael Kerrisk (man-pages)
> > > wrote:
> > >
On Tue, Oct 27, 2020 at 3:28 AM Jann Horn wrote:
>
> On Tue, Oct 27, 2020 at 7:14 AM Michael Kerrisk (man-pages) wrote:
> > On 10/26/20 4:54 PM, Jann Horn wrote:
> > > I'm a bit on the fence now on whether non-blocking mode should use
> > > ENOTCONN or not... I guess if we returned ENOENT even
On Fri, Oct 16, 2020 at 05:45:47AM -0700, Sargun Dhillon wrote:
> This patchset adds some functionality to allow NFS to be used from
> NFS namespaces (containers).
>
> Changes since v1:
> * Added samples
>
> Sargun Dhillon (3):
> NFS: Use cred from fscontext during
This patchset adds some functionality to allow NFS to be used from
NFS namespaces (containers).
Changes since v1:
* Added samples
Sargun Dhillon (3):
NFS: Use cred from fscontext during fsmount
samples/vfs: Split out common code for new syscall APIs
samples/vfs: Add example leveraging
There are a bunch of helper functions which make using the new
mount APIs much easier. As we add examples of leveraging the
new APIs, it probably makes sense to promote code reuse.
Signed-off-by: Sargun Dhillon
Cc: David Howells
Cc: Al Viro
Cc: Kyle Anderson
---
samples/vfs/Makefile
This adds an example which assumes you already have an NFS server set up,
but does the work of creating a user namespace, and an NFS mount from
that user namespace which then exposes different UIDs than that of
the init user namespace.
Signed-off-by: Sargun Dhillon
Cc: J. Bruce Fields
Cc: Chuck
ble
FS_USERNS_MOUNT on NFS, but this seems like the safest and most
straightforward approach.
[1]:
https://lore.kernel.org/linux-fsdevel/155059610368.17079.2220554006494174417.st...@warthog.procyon.org.uk/
Signed-off-by: Sargun Dhillon
Cc: J. Bruce Fields
Cc: Chuck Lever
Cc: Trond Myklebust
Cc: A
There are a bunch of helper functions which make using the new
mount APIs much easier. As we add examples of leveraging the
new APIs, it probably makes sense to promote code reuse.
Cc: David Howells
Cc: Al Viro
Cc: Kyle Anderson
---
samples/vfs/Makefile | 2 +
ce's
effects, and not all of the effects. The fscontext API has provisions
for being able to configure specific namespaces.
[1]:
https://lore.kernel.org/linux-nfs/camp4zn-mw1u3pos9k_jepieu2+owg6hdxdrq2lt3p173j_s...@mail.gmail.com/
Signed-off-by: Sargun Dhillon
---
fs/nfs/client.c | 2 +-
fs/nfs/nfs
makes switching away
from init_user_ns more straightforward in the future.
Signed-off-by: Sargun Dhillon
---
fs/nfs/nfs4idmap.c | 15 ---
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 62e6eea5c516..8d8aba305ecc 100644
On Wed, Sep 30, 2020 at 4:07 AM Michael Kerrisk (man-pages) wrote:
>
> Hi Tycho, Sargun (and all),
>
> I knew it would be a big ask, but below is kind of the manual page
> I was hoping you might write [1] for the seccomp user-space notification
> mechanism. Since you didn't (and because 5.9 adds
: Make kcmp() less required
> selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall()
> seccomp: Switch addfd to Extensible Argument ioctl
> seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
>
This looks much cleaner than the original patchset. Thanks
_data + i,
> o_flags);
> - if (err)
> + if (err < 0)
> break;
> }
>
> diff --git a/net/core/scm.c b/net/core/scm.c
> index df190f1fdd28..b9a0442ebd26 100644
> --- a/net/core/scm.c
> +++ b/net/core/scm.c
> @@ -307,7 +307,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie
> *scm)
>
> for (i = 0; i < fdmax; i++) {
> err = fd_install_received_user(scm->fp->fp[i], cmsg_data + i,
> o_flags);
> - if (err)
> + if (err < 0)
> break;
> }
>
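Review bot: with the loop now breaking only on `err < 0`, a non-negative return from fd_install_received_user() is treated as success even though its value is discarded, so the helper's contract (negative errno on failure, the installed fd otherwise) should be stated at its definition or in the commit message. The same `if (err)` to `if (err < 0)` change appears in the preceding hunk; it is a behaviour change for any caller that previously treated every non-zero return as failure and is worth calling out explicitly.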
> --
> 2.25.1
>
Reviewed-by: Sargun Dhillon
On Wed, Jun 17, 2020 at 01:08:44PM -0700, Nathan Chancellor wrote:
> On Mon, Jun 01, 2020 at 04:25:32AM -0700, Sargun Dhillon wrote:
> > This adds a helper which can iterate through a seccomp_filter to
> > find a notification matching an ID. It removes several replicated
>
On Mon, Jun 15, 2020 at 08:25:15PM -0700, Kees Cook wrote:
> In preparation for users of the "install a received file" logic outside
> of net/ (pidfd and seccomp), relocate and rename __scm_install_fd() from
> net/core/scm.c to __fd_install_received() in fs/file.c, and provide a
> wrapper named
On Mon, Jun 15, 2020 at 11:36:22AM +0200, Jann Horn wrote:
> On Sat, Jun 13, 2020 at 9:26 AM Sargun Dhillon wrote:
> > This introduces an extensibility mechanism to receive seccomp
> > notifications. It uses read(2), as opposed to using an ioctl. The listener
> > must be firs
/linux-api/20181209182414.30862-4-ty...@tycho.ws/
[2]:
https://lore.kernel.org/lkml/20200610081237.GA23425@ircssh-2.c.rugged-nimbus-611.internal/
Signed-off-by: Sargun Dhillon
---
include/uapi/linux/seccomp.h | 15 ++
kernel/seccomp.c | 245 +++
On Fri, Jun 12, 2020 at 08:36:03AM +0000, David Laight wrote:
> From: Kees Cook
> > Sent: 12 June 2020 00:50
> > > From: Sargun Dhillon
> > > > Sent: 11 June 2020 12:07
> > > > Subject: Re: [PATCH v3 1/4] fs, net: Standardize on file_receive helper
On Thu, Jun 11, 2020 at 12:01:14PM +0200, Christian Brauner wrote:
> On Wed, Jun 10, 2020 at 07:59:55PM -0700, Kees Cook wrote:
> > On Wed, Jun 10, 2020 at 08:12:38AM +0000, Sargun Dhillon wrote:
> > > As an aside, all of this junk should be dropped:
> > > +
On Thu, Jun 11, 2020 at 11:19:42AM +0200, Christian Brauner wrote:
> On Wed, Jun 10, 2020 at 07:59:55PM -0700, Kees Cook wrote:
> > On Wed, Jun 10, 2020 at 08:12:38AM +0000, Sargun Dhillon wrote:
> > > As an aside, all of this junk should be dropped:
> > > +
On Wed, Jun 10, 2020 at 07:59:55PM -0700, Kees Cook wrote:
>
> Yeah, that seems reasonable. Here's the diff for that part:
>
> diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
> index 7b6028b399d8..98bf19b4e086 100644
> --- a/include/uapi/linux/seccomp.h
> +++
On Tue, Jun 09, 2020 at 09:52:14PM -0700, Kees Cook wrote:
> The sock counting (sock_update_netprioidx() and sock_update_classid())
> was missing from this implementation of fd installation, compared to
> SCM_RIGHTS. Use the new scm helper to get the work done, after adjusting
> it to return the
On Tue, Jun 09, 2020 at 10:27:54PM -0700, Kees Cook wrote:
> On Tue, Jun 09, 2020 at 11:27:30PM +0200, Christian Brauner wrote:
> > On June 9, 2020 10:55:42 PM GMT+02:00, Kees Cook
> > wrote:
> > >LOL. And while we were debating this, hch just went and cleaned stuff up:
> > >
> > >2618d530dd8b
On Thu, Jun 04, 2020 at 02:52:26PM +0200, Christian Brauner wrote:
> On Wed, Jun 03, 2020 at 07:22:57PM -0700, Kees Cook wrote:
> > On Thu, Jun 04, 2020 at 03:24:52AM +0200, Christian Brauner wrote:
> > > On Tue, Jun 02, 2020 at 06:10:41PM -0700, Sargun Dhillon wrote:
On Fri, May 29, 2020 at 11:01 PM Gabriel Krisman Bertazi wrote:
>
> Modern Windows applications are executing system call instructions
> directly from the application's code without going through the WinAPI.
> This breaks Wine emulation, because it doesn't have a chance to
> intercept and emulate
On Wed, Jun 03, 2020 at 07:22:57PM -0700, Kees Cook wrote:
> On Thu, Jun 04, 2020 at 03:24:52AM +0200, Christian Brauner wrote:
> > On Tue, Jun 02, 2020 at 06:10:41PM -0700, Sargun Dhillon wrote:
> > > Previously there were two chunks of code where the logic to receive file
On Thu, Jun 04, 2020 at 03:24:52AM +0200, Christian Brauner wrote:
> On Tue, Jun 02, 2020 at 06:10:41PM -0700, Sargun Dhillon wrote:
> > Previously there were two chunks of code where the logic to receive file
> > descriptors was duplicated in net. The compat version of c
On Wed, Jun 3, 2020 at 4:42 PM Kees Cook wrote:
>
> On Tue, Jun 02, 2020 at 06:10:40PM -0700, Sargun Dhillon wrote:
> > Sargun Dhillon (4):
> > fs, net: Standardize on file_receive helper to move fds across
> > processes
> > pid: Use file_receive he
o8w9bcaf@mid.deneb.enyo.de/
[2]:
https://lore.kernel.org/lkml/a328b91d-fd8f-4f27-b3c2-91a9c45f1...@rasmusvillemoes.dk/
Signed-off-by: Sargun Dhillon
Suggested-by: Matt Denton
Cc: Al Viro
Cc: Chris Palmer
Cc: Christian Brauner
Cc: Jann Horn
Cc: Kees Cook
Cc: Robert Sesek
Cc:
on copy.
[1]: https://lore.kernel.org/lkml/20200107175927.4558-1-sar...@sargun.me/
Signed-off-by: Sargun Dhillon
Suggested-by: Kees Cook
Cc: Al Viro
Cc: Christian Brauner
Cc: Daniel Wagner
Cc: David S. Miller
Cc: Jann Horn
Cc: John Fastabend
Cc: Tejun Heo
Cc: Tycho Andersen
Cc: sta
Test whether we can add file descriptors in response to notifications.
This injects the file descriptors via notifications, and then uses
kcmp to determine whether or not it has been successful.
It also includes some basic sanity checking for arguments.
Signed-off-by: Sargun Dhillon
Cc: Al Viro
nmmx42y7dfznf@wittgenstein/
[5]: https://lore.kernel.org/lkml/20200107175927.4558-1-sar...@sargun.me/
Sargun Dhillon (4):
fs, net: Standardize on file_receive helper to move fds across
processes
pid: Use file_receive helper to copy FDs
seccomp: Introduce addfd ioctl to seccomp user noti
ative path to ensure that when moving the file descriptor the classid
is set.
Signed-off-by: Sargun Dhillon
Suggested-by: Kees Cook
Cc: Al Viro
Cc: Christian Brauner
Cc: Daniel Wagner
Cc: David S. Miller
Cc: Jann Horn
Cc: John Fastabend
Cc: Tejun Heo
Cc: Tycho Andersen
Cc: sta...@vger
On Sat, May 30, 2020 at 9:07 AM Kees Cook wrote:
>
> On Sat, May 30, 2020 at 03:08:37PM +0100, Al Viro wrote:
> > On Fri, May 29, 2020 at 07:43:10PM -0700, Kees Cook wrote:
> >
> > > Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> > > move the put_user() after instead? I
This adds a helper which can iterate through a seccomp_filter to
find a notification matching an ID. It removes several replicated
chunks of code.
Signed-off-by: Sargun Dhillon
Acked-by: Christian Brauner
Reviewed-by: Tycho Andersen
Cc: Matt Denton
Cc: Kees Cook
Cc: Jann Horn
Cc: Robert
>
> I mean, yes, that's certainly better, but it just seems a shame that
> everyone has to do the get_unused/put_unused dance just because of how
> SCM_RIGHTS does this weird put_user() in the middle.
>
> Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> move the put_user()
On Fri, May 29, 2020 at 12:31:37AM -0700, Kees Cook wrote:
> On Thu, May 28, 2020 at 04:08:57AM -0700, Sargun Dhillon wrote:
> > This adds a seccomp notifier ioctl which allows for the listener to "add"
> > file descriptors to a process which originated a seccomp user
>
On Fri, May 29, 2020 at 6:31 AM Christian Brauner wrote:
>
> > > + /* Check if we were woken up by a addfd message */
> > > + addfd = list_first_entry_or_null(,
> > > +struct seccomp_kaddfd, list);
> > > + if (addfd &&
On Fri, May 29, 2020 at 12:41:51AM -0700, Kees Cook wrote:
> On Thu, May 28, 2020 at 04:08:58AM -0700, Sargun Dhillon wrote:
> > + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, ), 0);
> > +
> > + nextid = req.id + 1;
> > +
> > + /* Wait for getppid
>
> While the comment is good, let's actually enforce this with:
>
> if (WARN_ON(!mutex_is_locked(>notif_lock)))
> return NULL;
>
I don't see much use of lockdep in seccomp (well, any), but
wouldn't a stronger statement be to use lockdep, and just have:
lockdep_assert_held(>notify_lock);
This adds a helper which can iterate through a seccomp_filter to
find a notification matching an ID. It removes several replicated
chunks of code.
Signed-off-by: Sargun Dhillon
Cc: Matt Denton
Cc: Kees Cook
Cc: Jann Horn
Cc: Robert Sesek
Cc: Chris Palmer
Cc: Christian Brauner
Cc: Tycho
half of the process generating the notification. This
allows the file descriptor generated from that open call to be
returned to the calling process.
In addition, there is functionality to allow for replacement of
specific file descriptors, following dup2-like semantics.
Signed-off-by: Sargun Dhil
kernel.org/lkml/20200525135036.vp2nmmx42y7dfznf@wittgenstein/
Sargun Dhillon (3):
seccomp: Add find_notification helper
seccomp: Introduce addfd ioctl to seccomp user notifier
selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
include/uapi/linux/seccomp.h | 25 ++
kernel/seccomp.c
Test whether we can add file descriptors in response to notifications.
This injects the file descriptors via notifications, and then uses
kcmp to determine whether or not it has been successful.
It also includes some basic sanity checking for arguments.
Signed-off-by: Sargun Dhillon
Cc: Matt
On Wed, May 27, 2020 at 01:19:01PM +0200, Christian Brauner wrote:
> +void seccomp_filter_notify(const struct task_struct *tsk)
> +{
> + struct seccomp_filter *orig = tsk->seccomp.filter;
> +
> + while (orig && refcount_dec_and_test(>live)) {
> + if (waitqueue_active(>wqh))
> +
On Mon, May 25, 2020 at 6:50 AM Christian Brauner wrote:
>
> On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote:
> > This adds a seccomp notifier ioctl which allows for the listener to "add"
> > file descriptors to a process which originated a s
> > + * they are created in. Specifcally, sockets, and their interactions with
> > the
> > + * net_cls and net_prio cgroup v1 controllers. This "moves" the file
> > descriptor
> > + * so that it takes on the cgroup controller's configuration in the process
> > + * that the file descriptor is
On Sun, May 24, 2020 at 5:05 PM Al Viro wrote:
>
> On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote:
>
> Bad refcounting rules. *IF* we go with anything of that sort (and I'm not
> convinced that the entire series makes sense), it's better to have more
> uniform
-in.
Signed-off-by: Sargun Dhillon
Suggested-by: Tycho Andersen
Cc: Matt Denton
Cc: Kees Cook
Cc: Jann Horn
Cc: Robert Sesek
Cc: Chris Palmer
Cc: Christian Brauner
---
include/uapi/linux/seccomp.h | 8
kernel/seccomp.c | 31 +++
2 files
This introduces another call to addfd, in which the move flag is set. It
may make sense to set up a cgroup v1 hierarchy, and check that the
netprioidx is changed.
Signed-off-by: Sargun Dhillon
Cc: Matt Denton
Cc: Kees Cook
Cc: Jann Horn
Cc: Robert Sesek
Cc: Chris Palmer
Cc: Christian
lore.kernel.org/lkml/20200107175927.4558-1-sar...@sargun.me/
Sargun Dhillon (5):
seccomp: Add find_notification helper
seccomp: Introduce addfd ioctl to seccomp user notifier
selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl
selftes
On Mon, May 18, 2020 at 02:04:57PM -0700, Kees Cook wrote:
> Hi!
>
> This is my attempt at a brain-dump on my plans for nearish-term seccomp
> features. Welcome to my TED talk... ;)
>
> These are the things I've been thinking about:
>
> - fd passing
> - deep argument inspection
> - changing