On Tue, Jun 24, 2014 at 12:50 PM, Kees Cook wrote:
> On Tue, Jun 24, 2014 at 12:34 PM, Andy Lutomirski wrote:
>> On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote:
>>> On 06/24, Andy Lutomirski wrote:
On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote:
>>
>> -struct s
On Tue, Jun 24, 2014 at 12:34 PM, Andy Lutomirski wrote:
> On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote:
>> On 06/24, Andy Lutomirski wrote:
>>>
>>> On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote:
>>> >>
>>> >> -struct seccomp { };
>>> >> +struct seccomp {
>>> >> + unsigned l
On Tue, Jun 24, 2014 at 12:30 PM, Oleg Nesterov wrote:
> On 06/24, Andy Lutomirski wrote:
>>
>> On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote:
>> >>
>> >> -struct seccomp { };
>> >> +struct seccomp {
>> >> + unsigned long flags;
>> >> +};
>> >
>> > A bit messy ;)
>> >
>> > I am wonder
On 06/24, Andy Lutomirski wrote:
>
> On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote:
> >>
> >> -struct seccomp { };
> >> +struct seccomp {
> >> + unsigned long flags;
> >> +};
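Review bot: the `unsigned long flags;` member that replaces the empty `struct seccomp { };` has no comment saying what the word holds or how it may be accessed. Since the commit message makes atomic access the reason for the change, add a one-line comment on the member naming the bit it carries (`SECCOMP_FLAG_NO_NEW_PRIVS`) and stating that it must only be read and written with atomic bit operations, so that a later plain assignment to `flags` is recognisable as a bug.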
> >
> > A bit messy ;)
> >
> > I am wondering if we can simply do
> >
> > static inline bool current_no
On Tue, Jun 24, 2014 at 12:18 PM, Oleg Nesterov wrote:
> On 06/23, Kees Cook wrote:
>>
>> --- a/include/linux/seccomp.h
>> +++ b/include/linux/seccomp.h
>> @@ -3,6 +3,8 @@
>>
>> #include
>>
>> +#define SECCOMP_FLAG_NO_NEW_PRIVS0 /* task may not gain privs */
>> +
>> #ifdef CONFIG_SECC
On 06/23, Kees Cook wrote:
>
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -3,6 +3,8 @@
>
> #include
>
> +#define SECCOMP_FLAG_NO_NEW_PRIVS0 /* task may not gain privs */
> +
> #ifdef CONFIG_SECCOMP
>
> #include
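Review bot: on the added `#define` line the macro name and its value appear run together as `SECCOMP_FLAG_NO_NEW_PRIVS0`, which as written defines a differently named macro with an empty body; there needs to be whitespace before the `0`. The comment should also say whether 0 is a bit index into the flags word or a mask value, because a mask of 0 could never test true.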
> @@ -16,6 +18,7 @@ struct seccomp_filter;
> *
Since seccomp transitions between threads require updates to the
no_new_privs flag to be atomic, changes must be atomic. This moves the nnp
flag into the seccomp field as a separate unsigned long for atomic access.
Signed-off-by: Kees Cook
Acked-by: Andy Lutomirski
---
fs/exec.c