Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Andy Lutomirski
On Tue, Jun 24, 2014 at 12:50 PM, Kees Cook wrote: > On Tue, Jun 24, 2014 at 12:34 PM, Andy Lutomirski wrote: >> On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote: >>> On 06/24, Andy Lutomirski wrote: On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote: >> >> -struct s

Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Kees Cook
On Tue, Jun 24, 2014 at 12:34 PM, Andy Lutomirski wrote: > On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote: >> On 06/24, Andy Lutomirski wrote: >>> >>> On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote: >>> >> >>> >> -struct seccomp { }; >>> >> +struct seccomp { >>> >> + unsigned l

Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Andy Lutomirski
On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote: > On 06/24, Andy Lutomirski wrote: >> >> On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote: >> >> >> >> -struct seccomp { }; >> >> +struct seccomp { >> >> + unsigned long flags; >> >> +}; >> > >> > A bit messy ;) >> > >> > I am wonder

Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Oleg Nesterov
On 06/24, Andy Lutomirski wrote: > > On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote: > >> > >> -struct seccomp { }; > >> +struct seccomp { > >> + unsigned long flags; > >> +}; > > > > A bit messy ;) > > > > I am wondering if we can simply do > > > > static inline bool current_no

Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Andy Lutomirski
On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote: > On 06/23, Kees Cook wrote: >> >> --- a/include/linux/seccomp.h >> +++ b/include/linux/seccomp.h >> @@ -3,6 +3,8 @@ >> >> #include >> >> +#define SECCOMP_FLAG_NO_NEW_PRIVS0 /* task may not gain privs */ >> + >> #ifdef CONFIG_SECC

Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-24 Thread Oleg Nesterov
On 06/23, Kees Cook wrote: > > --- a/include/linux/seccomp.h > +++ b/include/linux/seccomp.h > @@ -3,6 +3,8 @@ > > #include > > +#define SECCOMP_FLAG_NO_NEW_PRIVS0 /* task may not gain privs */ > + > #ifdef CONFIG_SECCOMP > > #include > @@ -16,6 +18,7 @@ struct seccomp_filter; > *

[PATCH v7 4/9] seccomp: move no_new_privs into seccomp

2014-06-23 Thread Kees Cook
Since seccomp transitions between threads require updates to the no_new_privs flag to be atomic, changes must be atomic. This moves the nnp flag into the seccomp field as a separate unsigned long for atomic access.

Signed-off-by: Kees Cook
Acked-by: Andy Lutomirski
---
fs/exec.c