On Tue, Jun 24, 2014 at 11:37 AM, Oleg Nesterov wrote:
> On 06/24, Kees Cook wrote:
>>
>> On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov wrote:
>> > On 06/23, Kees Cook wrote:
>> >>
>> >> +static pid_t seccomp_can_sync_threads(void)
>> >> +{
>> >> + struct task_struct *thread, *caller;
>>
On 06/24, Kees Cook wrote:
>
> On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov wrote:
> > On 06/23, Kees Cook wrote:
> >>
> >> +static pid_t seccomp_can_sync_threads(void)
> >> +{
> >> + struct task_struct *thread, *caller;
> >> +
> >> + BUG_ON(write_can_lock(_lock));
> >> +
On Tue, Jun 24, 2014 at 10:08 AM, Oleg Nesterov wrote:
> On 06/23, Kees Cook wrote:
>>
>> +static pid_t seccomp_can_sync_threads(void)
>> +{
>> + struct task_struct *thread, *caller;
>> +
>> + BUG_ON(write_can_lock(_lock));
>> + BUG_ON(!spin_is_locked(>sighand->siglock));
>> +
>> +
On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov wrote:
> On 06/23, Kees Cook wrote:
>>
>> +static pid_t seccomp_can_sync_threads(void)
>> +{
>> + struct task_struct *thread, *caller;
>> +
>> + BUG_ON(write_can_lock(_lock));
>> + BUG_ON(!spin_is_locked(>sighand->siglock));
>> +
>> +
On 06/23, Kees Cook wrote:
>
> +static pid_t seccomp_can_sync_threads(void)
> +{
> + struct task_struct *thread, *caller;
> +
> + BUG_ON(write_can_lock(_lock));
> + BUG_ON(!spin_is_locked(>sighand->siglock));
> +
> + if (current->seccomp.mode != SECCOMP_MODE_FILTER)
> +
On 06/23, Kees Cook wrote:
>
> +static pid_t seccomp_can_sync_threads(void)
> +{
> + struct task_struct *thread, *caller;
> +
> + BUG_ON(write_can_lock(_lock));
> + BUG_ON(!spin_is_locked(>sighand->siglock));
> +
> + if (current->seccomp.mode != SECCOMP_MODE_FILTER)
> +
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread, *caller;
+
+ BUG_ON(write_can_lock(tasklist_lock));
+ BUG_ON(!spin_is_locked(current-sighand-siglock));
+
+ if (current-seccomp.mode != SECCOMP_MODE_FILTER)
+
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread, *caller;
+
+ BUG_ON(write_can_lock(tasklist_lock));
+ BUG_ON(!spin_is_locked(current-sighand-siglock));
+
+ if (current-seccomp.mode != SECCOMP_MODE_FILTER)
+
On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov o...@redhat.com wrote:
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread, *caller;
+
+ BUG_ON(write_can_lock(tasklist_lock));
+
On Tue, Jun 24, 2014 at 10:08 AM, Oleg Nesterov o...@redhat.com wrote:
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread, *caller;
+
+ BUG_ON(write_can_lock(tasklist_lock));
+
On 06/24, Kees Cook wrote:
On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov o...@redhat.com wrote:
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread, *caller;
+
+ BUG_ON(write_can_lock(tasklist_lock));
+
On Tue, Jun 24, 2014 at 11:37 AM, Oleg Nesterov o...@redhat.com wrote:
On 06/24, Kees Cook wrote:
On Tue, Jun 24, 2014 at 10:27 AM, Oleg Nesterov o...@redhat.com wrote:
On 06/23, Kees Cook wrote:
+static pid_t seccomp_can_sync_threads(void)
+{
+ struct task_struct *thread,
Applying restrictive seccomp filter programs to large or diverse
codebases often requires handling threads which may be started early in
the process lifetime (e.g., by code that is linked in). While it is
possible to apply permissive programs prior to process start up, it is
difficult to further
Applying restrictive seccomp filter programs to large or diverse
codebases often requires handling threads which may be started early in
the process lifetime (e.g., by code that is linked in). While it is
possible to apply permissive programs prior to process start up, it is
difficult to further
14 matches
Mail list logo