[PATCH v5 3/7] selftests/seccomp: Force rebuild according to dependencies

2017-05-26 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/seccomp/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests

[PATCH v4 0/6] Add kselftest_harness.h

2017-05-25 Thread Mickaël Salaün
+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com Regards, Mickaël Salaün (6): selftests: Make test_harness.h more generally available selftests: Cosmetic renames in kselftest_harness.h selftests/seccomp: Force rebuild according to dependencies Documentation/dev-tools: Add kselftest

[PATCH v4 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-25 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Changes since v2: * lighten the modifications (suggested by Kees Cook) Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan

[PATCH v4 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-25 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Changes since v2: * lighten the modifications (suggested by Kees Cook) Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/dev-tools/index.rst | 1 + Documentation/dev-tools

[PATCH v4 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-25 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org>

[PATCH v4 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-25 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/kselftest_harness.h | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/testing

[PATCH v4 4/6] Documentation/dev-tools: Add kselftest

2017-05-25 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan <sh...@kernel.org> --- Documentation/00-INDEX

[PATCH v4 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-25 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org>

[PATCH v4 4/6] Documentation/dev-tools: Add kselftest

2017-05-25 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/00-INDEX | 2 -- Documentation/{kselftest.txt => dev-tools/kselftest.rst} | 0 2 files changed, 2 deleti

[PATCH v4 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-25 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/seccomp/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests

[PATCH v4 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-25 Thread Mickaël Salaün
and cleanup comments Changes since v2: * add reference to the full documentation in the header file (suggested by Kees Cook) Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Jonathan Corb

[PATCH v4 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-25 Thread Mickaël Salaün
and cleanup comments Changes since v2: * add reference to the full documentation in the header file (suggested by Kees Cook) Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Jonathan Corbet Cc: Shuah Khan Cc: Will Drewry --- Documentation/dev-tools/kselftest.rst

[PATCH v4 1/6] selftests: Make test_harness.h more generally available

2017-05-25 Thread Mickaël Salaün
-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Will Drewry <w...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=pt

[PATCH v4 1/6] selftests: Make test_harness.h more generally available

2017-05-25 Thread Mickaël Salaün
-by: Mickaël Salaün Acked-by: Kees Cook Acked-by: Will Drewry Cc: Andy Lutomirski Cc: Shuah Khan Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com --- MAINTAINERS | 1 + tools/testing

Re: [PATCH v3 0/6] Add kselftest_harness.h

2017-05-16 Thread Mickaël Salaün
On 16/05/2017 22:29, Jonathan Corbet wrote: > On Tue, 16 May 2017 22:12:39 +0200 > Mickaël Salaün <m...@digikod.net> wrote: > >>> I will have to defer to Jon Corbet for Documentation related changes >>> and patches. Jon! Could you please review and give me an A

Re: [PATCH v3 0/6] Add kselftest_harness.h

2017-05-16 Thread Mickaël Salaün
On 16/05/2017 22:29, Jonathan Corbet wrote: > On Tue, 16 May 2017 22:12:39 +0200 > Mickaël Salaün wrote: > >>> I will have to defer to Jon Corbet for Documentation related changes >>> and patches. Jon! Could you please review and give me an Ack. >> >

Re: [PATCH v3 0/6] Add kselftest_harness.h

2017-05-16 Thread Mickaël Salaün
On 04/05/2017 15:58, Shuah Khan wrote: > On 05/03/2017 04:26 PM, Mickaël Salaün wrote: >> Hi, >> >> This third patch series make the seccomp/test_harness.h more generally >> available [1] and update the kselftest documentation with the Sphinx format. >> It >>

Re: [PATCH v1] samples/bpf: Add a .gitignore for binaries

2017-05-13 Thread Mickaël Salaün
On 13/02/2017 02:43, David Ahern wrote: > On 2/12/17 2:23 PM, Mickaël Salaün wrote: >> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore >> new file mode 100644 >> index ..a7562a5ef4c2 >> --- /dev/null >> +++ b/samples/bpf/.gitignore >

[PATCH v3] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-10 Thread Mickaël Salaün
the hooks are called, hence multiple times. To sum up, "capability,selinux,foo,foo" will be replaced with "capability,selinux,foo", however "capability,foo,selinux,foo" will remain as is. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Casey Schau

[PATCH v3] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-10 Thread Mickaël Salaün
the hooks are called, hence multiple times. To sum up, "capability,selinux,foo,foo" will be replaced with "capability,selinux,foo", however "capability,foo,selinux,foo" will remain as is. Signed-off-by: Mickaël Salaün Cc: Casey Schaufler Cc: James Morris Cc: Ke

Re: [PATCH v2] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-10 Thread Mickaël Salaün
On 10/05/2017 01:35, Kees Cook wrote: > On Tue, May 9, 2017 at 4:08 PM, Mickaël Salaün <m...@digikod.net> wrote: >> The commit d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm") extend >> security_add_hooks() with a new parameter to register the LSM name, >>

Re: [PATCH v2] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-10 Thread Mickaël Salaün
On 10/05/2017 01:35, Kees Cook wrote: > On Tue, May 9, 2017 at 4:08 PM, Mickaël Salaün wrote: >> The commit d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm") extend >> security_add_hooks() with a new parameter to register the LSM name, >> which may be useful to ma

[PATCH v2] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-09 Thread Mickaël Salaün
the hooks are called, hence multiple times. To sum up, "capability,selinux,foo,foo" will be replaced with "capability,selinux,foo", however "capability,foo,selinux,foo" will remain as is. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Casey Schau

[PATCH v2] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-09 Thread Mickaël Salaün
the hooks are called, hence multiple times. To sum up, "capability,selinux,foo,foo" will be replaced with "capability,selinux,foo", however "capability,foo,selinux,foo" will remain as is. Signed-off-by: Mickaël Salaün Cc: Casey Schaufler Cc: James Morris Cc: Ke

Re: [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-08 Thread Mickaël Salaün
On 08/05/2017 22:07, Casey Schaufler wrote: > On 5/8/2017 12:24 PM, Mickaël Salaün wrote: >> On 01/05/2017 01:28, James Morris wrote: >>> On Sat, 29 Apr 2017, Mickaël Salaün wrote: >>> >>>> Check if the registering LSM already registered hooks just

Re: new ...at() flag: AT_NO_JUMPS

2017-05-08 Thread Mickaël Salaün
On 05/05/2017 22:28, Eric W. Biederman wrote: > Al Viro writes: > >> On Thu, May 04, 2017 at 08:46:49PM -0700, Linus Torvalds wrote: >>> On Thu, May 4, 2017 at 7:47 PM, Jann Horn wrote: Thread 1 starts an AT_BENEATH path walk using an O_PATH

Re: new ...at() flag: AT_NO_JUMPS

2017-05-08 Thread Mickaël Salaün
On 05/05/2017 22:28, Eric W. Biederman wrote: > Al Viro writes: > >> On Thu, May 04, 2017 at 08:46:49PM -0700, Linus Torvalds wrote: >>> On Thu, May 4, 2017 at 7:47 PM, Jann Horn wrote: Thread 1 starts an AT_BENEATH path walk using an O_PATH fd pointing to

Re: [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-05-08 Thread Mickaël Salaün
On 01/05/2017 01:28, James Morris wrote: > On Sat, 29 Apr 2017, Mickaël Salaün wrote: > >> Check if the registering LSM already registered hooks just before. This >> enable to split hook declarations into multiple files without >> registering multiple time the same LSM na

[PATCH v3 4/6] Documentation/dev-tools: Add kselftest

2017-05-03 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan <sh...@kernel.org> --- Documentation/00-INDEX

[PATCH v3 4/6] Documentation/dev-tools: Add kselftest

2017-05-03 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/00-INDEX | 2 -- Documentation/{kselftest.txt => dev-tools/kselftest.rst} | 0 2 files changed, 2 deleti

[PATCH v3 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-03 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org>

[PATCH v3 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-03 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/seccomp/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests

[PATCH v3 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-03 Thread Mickaël Salaün
Add metadata to kselftest_harness.h to be able to include the comments in the Sphinx documentation. Changes since v2: * add reference to the full documentation in the header file (suggested by Kees Cook) Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook

[PATCH v3 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-03 Thread Mickaël Salaün
Add metadata to kselftest_harness.h to be able to include the comments in the Sphinx documentation. Changes since v2: * add reference to the full documentation in the header file (suggested by Kees Cook) Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Jonathan

[PATCH v3 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-03 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Changes since v2: * lighten the modifications (suggested by Kees Cook) Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan

[PATCH v3 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-03 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Changes since v2: * lighten the modifications (suggested by Kees Cook) Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/dev-tools/index.rst | 1 + Documentation/dev-tools

[PATCH v3 1/6] selftests: Make test_harness.h more generally available

2017-05-03 Thread Mickaël Salaün
-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Will Drewry <w...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=pt

[PATCH v3 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-03 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org>

[PATCH v3 1/6] selftests: Make test_harness.h more generally available

2017-05-03 Thread Mickaël Salaün
-by: Mickaël Salaün Acked-by: Kees Cook Acked-by: Will Drewry Cc: Andy Lutomirski Cc: Shuah Khan Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com --- MAINTAINERS | 1 + tools/testing

[PATCH v3 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-03 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün Acked-by: Kees Cook Cc: Andy Lutomirski Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/kselftest_harness.h | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/testing

[PATCH v3 0/6] Add kselftest_harness.h

2017-05-03 Thread Mickaël Salaün
+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com Regards, Mickaël Salaün (6): selftests: Make test_harness.h more generally available selftests: Cosmetic renames in kselftest_harness.h selftests/seccomp: Force rebuild according to dependencies Documentation/dev-tools: Add kselftest

[PATCH v2 4/6] Documentation/dev-tools: Add kselftest

2017-05-02 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan <sh...@kernel.org> --- Documentation/00-INDEX | 2 -- Documentation/{kselftest.txt => de

[PATCH v2 4/6] Documentation/dev-tools: Add kselftest

2017-05-02 Thread Mickaël Salaün
Move kselftest.txt to dev-tools/kselftest.rst . Signed-off-by: Mickaël Salaün Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/00-INDEX | 2 -- Documentation/{kselftest.txt => dev-tools/kselftest.rst} | 0 2 files changed, 2 deletions(-) ren

[PATCH v2 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-02 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org>

[PATCH v2 0/6] Add kselftest_harness.h

2017-05-02 Thread Mickaël Salaün
+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com Regards, Mickaël Salaün (6): selftests: Make test_harness.h more generally available selftests: Cosmetic renames in kselftest_harness.h selftests/seccomp: Force rebuild according to dependencies Documentation/dev-tools: Add kselftest

[PATCH v2 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-02 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Shuah Khan <sh...@kernel.org> --- Documentation/dev-tools/index.rst | 1 + Documentation/dev-tools/

[PATCH v2 3/6] selftests/seccomp: Force rebuild according to dependencies

2017-05-02 Thread Mickaël Salaün
Rebuild the seccomp tests when kselftest_harness.h is updated. Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/seccomp/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/seccomp

[PATCH v2 5/6] Documentation/dev-tools: Use reStructuredText markups for kselftest

2017-05-02 Thread Mickaël Salaün
Include and convert kselftest to the Sphinx format. Signed-off-by: Mickaël Salaün Cc: Jonathan Corbet Cc: Shuah Khan --- Documentation/dev-tools/index.rst | 1 + Documentation/dev-tools/kselftest.rst | 77 --- 2 files changed, 55 insertions(+), 23

[PATCH v2 1/6] selftests: Make test_harness.h more generally available

2017-05-02 Thread Mickaël Salaün
-by: Mickaël Salaün <m...@digikod.net> Acked-by: Kees Cook <keesc...@chromium.org> Acked-by: Will Drewry <w...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Shuah Khan <sh...@kernel.org> Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=pt

[PATCH v2 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-02 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Shuah Khan <sh...@kernel.org> Cc: Will Drewry <w...@chromium.org> --- tools/testing

[PATCH v2 2/6] selftests: Cosmetic renames in kselftest_harness.h

2017-05-02 Thread Mickaël Salaün
Keep the content consistent with the new name. Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry --- tools/testing/selftests/kselftest_harness.h | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/testing

[PATCH v2 1/6] selftests: Make test_harness.h more generally available

2017-05-02 Thread Mickaël Salaün
-by: Mickaël Salaün Acked-by: Kees Cook Acked-by: Will Drewry Cc: Andy Lutomirski Cc: Shuah Khan Link: https://lkml.kernel.org/r/CAGXu5j+8CVz8vL51DRYXqOY=xc3zuKFf=ptene88xyhzfyi...@mail.gmail.com --- MAINTAINERS | 1 + tools/testing

[PATCH v2 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-02 Thread Mickaël Salaün
Add metadata to kselftest_harness.h to be able to include the comments in the Sphinx documentation. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Kees Cook <keesc...@chromium.or

[PATCH v2 6/6] Documentation/dev-tools: Add kselftest_harness documentation

2017-05-02 Thread Mickaël Salaün
Add metadata to kselftest_harness.h to be able to include the comments in the Sphinx documentation. Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Jonathan Corbet Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry --- Documentation/dev-tools/kselftest.rst | 57 ++ tools/testing

Re: [PATCH v1] selftests: Make test_harness.h more generally available

2017-05-01 Thread Mickaël Salaün
un, Apr 30, 2017 at 5:26 AM, Mickaël Salaün <m...@digikod.net> wrote: >>> The seccomp/test_harness.h file contains useful helpers to build tests. >>> Moving it to the selftest directory should benefit to other test >>> components. >> >> Unless Shuah think

Re: [PATCH v1] selftests: Make test_harness.h more generally available

2017-05-01 Thread Mickaël Salaün
/seccomp.h F: tools/testing/selftests/seccomp/* +F: tools/testing/selftests/test_harness.h K: \bsecure_computing K: \bTIF_SECCOMP\b On 30/04/2017 20:22, Will Drewry wrote: > On Sun, Apr 30, 2017 at 12:39 PM, Kees Cook wrote: >> >> On Sun, Apr 30, 2017 at 5:26 AM,

[PATCH v1] selftests: Make test_harness.h more generally available

2017-04-30 Thread Mickaël Salaün
The seccomp/test_harness.h file contains useful helpers to build tests. Moving it to the selftest directory should benefit to other test components. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Kees Cook <keesc...@chromium.org>

[PATCH v1] selftests: Make test_harness.h more generally available

2017-04-30 Thread Mickaël Salaün
The seccomp/test_harness.h file contains useful helpers to build tests. Moving it to the selftest directory should benefit to other test components. Signed-off-by: Mickaël Salaün Cc: Andy Lutomirski Cc: Kees Cook Cc: Shuah Khan Cc: Will Drewry Link: https://lkml.kernel.org/r/CAGXu5j

Re: [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-04-30 Thread Mickaël Salaün
On 30/04/2017 04:11, Tetsuo Handa wrote: > Casey Schaufler wrote: >> On 4/29/2017 12:02 PM, Mickael Salaun wrote: >>> Check if the registering LSM already registered hooks just before. This >>> enable to split hook declarations into multiple files without >>> registering multiple time the same

[PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-04-29 Thread Mickaël Salaün
Check if the registering LSM already registered hooks just before. This enable to split hook declarations into multiple files without registering multiple time the same LSM name, starting from commit d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm"). Signed-off-by: Mickaël

[PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM

2017-04-29 Thread Mickaël Salaün
Check if the registering LSM already registered hooks just before. This enable to split hook declarations into multiple files without registering multiple time the same LSM name, starting from commit d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm"). Signed-off-by: Mickaël Salaün

Re: [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 00:47, Mickaël Salaün wrote: > > On 19/04/2017 00:23, Kees Cook wrote: >> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >>> The semantic is unchanged. This will be useful for the Landlock >>> integration with secco

Re: [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 00:47, Mickaël Salaün wrote: > > On 19/04/2017 00:23, Kees Cook wrote: >> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >>> The semantic is unchanged. This will be useful for the Landlock >>> integration with seccomp (next commit). >>

Re: [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism

2017-04-19 Thread Mickaël Salaün
On 20/04/2017 00:02, Kees Cook wrote: > On Wed, Apr 19, 2017 at 2:51 PM, Mickaël Salaün <m...@digikod.net> wrote: >> >> On 19/04/2017 02:02, Kees Cook wrote: >>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >>>> This is

Re: [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism

2017-04-19 Thread Mickaël Salaün
On 20/04/2017 00:02, Kees Cook wrote: > On Wed, Apr 19, 2017 at 2:51 PM, Mickaël Salaün wrote: >> >> On 19/04/2017 02:02, Kees Cook wrote: >>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >>>> This is useful to return an information about the er

Re: [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 01:40, Kees Cook wrote: > On Tue, Apr 18, 2017 at 4:16 PM, Casey Schaufler <ca...@schaufler-ca.com> > wrote: >> On 4/18/2017 3:44 PM, Mickaël Salaün wrote: >>> On 19/04/2017 00:17, Kees Cook wrote: >>>> On Tue, Mar 28, 2017 at 4:46 PM,

Re: [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 01:40, Kees Cook wrote: > On Tue, Apr 18, 2017 at 4:16 PM, Casey Schaufler > wrote: >> On 4/18/2017 3:44 PM, Mickaël Salaün wrote: >>> On 19/04/2017 00:17, Kees Cook wrote: >>>> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >>

Re: [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 02:02, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> This is useful to return an information about the error without being >> able to write to TH_LOG_STREAM. >> >> Helpers from test_harness.h may

Re: [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism

2017-04-19 Thread Mickaël Salaün
On 19/04/2017 02:02, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> This is useful to return an information about the error without being >> able to write to TH_LOG_STREAM. >> >> Helpers from test_harness.h may be useful outside

Re: [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:26, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> This sixth series add some changes to the previous one [1], including a >> simpler >> rule inheritance hierarchy (similar to seccomp-bpf), a ptrace sc

Re: [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:26, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> This sixth series add some changes to the previous one [1], including a >> simpler >> rule inheritance hierarchy (similar to seccomp-bpf), a ptrace scope >> protec

Re: [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:16, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> Test basic context access, ptrace protection and filesystem event with >> multiple cases. >> >> Changes since v5: >> * add subtype test >

Re: [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:16, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> Test basic context access, ptrace protection and filesystem event with >> multiple cases. >> >> Changes since v5: >> * add subtype test >> * add ptrace tests

Re: [PATCH net-next v6 08/11] bpf: Add a Landlock sandbox example

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:06, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> Add a basic sandbox tool to create a process isolated from some part of >> the system. This sandbox create a read-only environment. It is only >> allo

Re: [PATCH net-next v6 08/11] bpf: Add a Landlock sandbox example

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 01:06, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> Add a basic sandbox tool to create a process isolated from some part of >> the system. This sandbox create a read-only environment. It is only >> allowed to write to a character

Re: [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:53, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> The seccomp(2) syscall can be used by a task to apply a Landlock rule to >> itself. As a seccomp filter, a Landlock rule is enforced for the current >

Re: [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:53, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> The seccomp(2) syscall can be used by a task to apply a Landlock rule to >> itself. As a seccomp filter, a Landlock rule is enforced for the current >> task and all its fu

Re: [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:23, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> The semantic is unchanged. This will be useful for the Landlock >> integration with seccomp (next commit). >> >> Signed-off-by: Mickaël Salaün <

Re: [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:23, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> The semantic is unchanged. This will be useful for the Landlock >> integration with seccomp (next commit). >> >> Signed-off-by: Mickaël Salaün >> Cc: Kees Co

Re: [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:17, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <m...@digikod.net> wrote: >> Handle 33 filesystem-related LSM hooks for the Landlock filesystem >> event: LANDLOCK_SUBTYPE_EVENT_FS. >> >> A Landlock event wrap LSM hooks for

Re: [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem

2017-04-18 Thread Mickaël Salaün
On 19/04/2017 00:17, Kees Cook wrote: > On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün wrote: >> Handle 33 filesystem-related LSM hooks for the Landlock filesystem >> event: LANDLOCK_SUBTYPE_EVENT_FS. >> >> A Landlock event wrap LSM hooks for similar kernel object

Re: [PATCH net-next v6 02/11] bpf,landlock: Define an eBPF program type for Landlock

2017-04-16 Thread Mickaël Salaün
On 29/03/2017 01:46, Mickaël Salaün wrote: > Add a new type of eBPF program used by Landlock rules. > > This new BPF program type will be registered with the Landlock LSM > initialization. > > Add an initial Landlock Kconfig. > > Changes since v5: > * rename fil

Re: [PATCH net-next v6 02/11] bpf,landlock: Define an eBPF program type for Landlock

2017-04-16 Thread Mickaël Salaün
On 29/03/2017 01:46, Mickaël Salaün wrote: > Add a new type of eBPF program used by Landlock rules. > > This new BPF program type will be registered with the Landlock LSM > initialization. > > Add an initial Landlock Kconfig. > > Changes since v5: > * rename fil

Re: [kernel-hardening] [PATCH net-next v6 07/11] landlock: Add ptrace restrictions

2017-04-11 Thread Mickaël Salaün
On 10/04/2017 08:48, Djalal Harouni wrote: > On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün <m...@digikod.net> wrote: >> A landlocked process has less privileges than a non-landlocked process >> and must then be subject to additional restrictions when manipulating >>

Re: [kernel-hardening] [PATCH net-next v6 07/11] landlock: Add ptrace restrictions

2017-04-11 Thread Mickaël Salaün
On 10/04/2017 08:48, Djalal Harouni wrote: > On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün wrote: >> A landlocked process has less privileges than a non-landlocked process >> and must then be subject to additional restrictions when manipulating >> processes. To be al

Re: [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and is_valid_subtype() verifier (fwd)

2017-03-31 Thread Mickaël Salaün
> To: kbu...@01.org > Cc: Julia Lawall <julia.law...@lip6.fr> > Subject: Re: [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and > is_valid_subtype() verifier > > In-Reply-To: <20170328234650.19695-2-...@digikod.net> > TO: "Mickaël Salaün" <m..

Re: [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and is_valid_subtype() verifier (fwd)

2017-03-31 Thread Mickaël Salaün
Julia Lawall > Subject: Re: [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and > is_valid_subtype() verifier > > In-Reply-To: <20170328234650.19695-2-...@digikod.net> > TO: "Mickaël Salaün" > > Hi Mickaël, > > [auto build test WARNIN

Re: [kernel-hardening] [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy

2017-03-31 Thread Mickaël Salaün
On 29/03/2017 12:35, Djalal Harouni wrote: > On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün <m...@digikod.net> wrote: >> @@ -25,6 +30,9 @@ struct seccomp_filter; >> struct seccomp { >> int mode; >> struct seccomp_filter *filter; >

Re: [kernel-hardening] [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy

2017-03-31 Thread Mickaël Salaün
On 29/03/2017 12:35, Djalal Harouni wrote: > On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün wrote: >> @@ -25,6 +30,9 @@ struct seccomp_filter; >> struct seccomp { >> int mode; >> struct seccomp_filter *filter; >> +#if defined(

[PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing

2017-03-28 Thread Mickaël Salaün
@digikod.net [3] https://lkml.kernel.org/r/1477390454-12553-1-git-send-email-dan...@zonque.org [4] https://lkml.kernel.org/r/20160829114542.GA20836@ircssh.c.rugged-nimbus-611.internal [5] https://lkml.kernel.org/r/20161221231506.19800-1-...@digikod.net Regards, Mickaël Salaün (11): bpf: Add e

[PATCH net-next v6 03/11] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()

2017-03-28 Thread Mickaël Salaün
* with struct path* in map_landlock_handle * add BPF protos * fix bpf_landlock_cmp_fs_prop_with_struct_file() Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogea

[PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing

2017-03-28 Thread Mickaël Salaün
@digikod.net [3] https://lkml.kernel.org/r/1477390454-12553-1-git-send-email-dan...@zonque.org [4] https://lkml.kernel.org/r/20160829114542.GA20836@ircssh.c.rugged-nimbus-611.internal [5] https://lkml.kernel.org/r/20161221231506.19800-1-...@digikod.net Regards, Mickaël Salaün (11): bpf: Add e
