Hi, On Fri, Sep 22, 2017 at 05:22:29PM +0200, Oleg Nesterov wrote: > On 09/21, Kees Cook wrote: > > Can you resend the two patches; I can send the backport to -stable > > manually... > > Not sure I understand... Do you mean this fix + untested "introduce > get_nth_filter()" ?
Just want to make sure this doesn't get lost in the shuffle. If I resend just Oleg's patch with the added __get_secomp_filter() instead of open coded refcount, will that work for you Kees? We can worry about the get_nth_filter implementation with the PTRACE_SECCOMP_GET_METADATA series later. Cheers, Tycho
