Looks good.
Reviewed-by: Pavel Tikhomirov <[email protected]>
On 01.06.2021 17:22, Valeriy Vdovin wrote:
Move ve_trusted_exec to a more general place and rename it for
consistency with another added function that checks for CT library files
being mmaped to a priviledged process.
Valeriy Vdovin (3):
ve/exec: ve_trusted_exec moved to ve.c and renamed
ve/exec: reordered ve_check_trusted_exec conditions
ve/mmap: protect from unsecure library load from CT image
fs/exec.c | 44 ++---------------------------
include/linux/ve.h | 2 ++
kernel/ve/ve.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++
mm/util.c | 5 ++++
4 files changed, 80 insertions(+), 41 deletions(-)
v2: - split big patch into patchset
- reordered check conditions
- added file name in mmap check message
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
