Re: [PATCH 1/2] open: add close_range()

2019-05-24 Thread Michael Tirado
What I do in ring=non-supervisor is close all fds while checking against an array of exemptions. If /proc is not mounted I close RLIMIT_NOFILE, if that fails I use a dumb loop to close everything (slooow). This new system call could significantly increase the fallback code, but if you use a range
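
The three-tier "close everything except an exemption list" routine described in the post, as an added example written for this page (it is not Tirado's code and not from the close_range() patch). It assumes Linux: close_range(2) is reached through syscall(SYS_close_range, ...) so it compiles against a libc without the wrapper and falls through to the next strategy with ENOSYS on a pre-5.9 kernel; the /proc/self/fd scan collects names before closing, because closing while readdir() walks the directory can skip entries; the RLIMIT_NOFILE loop is the slow last resort. The function name close_all_except and the pipe used in main() are this example's own.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

static int is_kept(int fd, const int *keep, size_t nkeep)
{
    for (size_t i = 0; i < nkeep; i++)
        if (keep[i] == fd)
            return 1;
    return 0;
}

/* Strategy 1: one close_range() per gap between the (sorted) exemptions.
 * Returns -1 with errno (ENOSYS on kernels before 5.9) so callers fall back. */
static int close_gaps_with_close_range(const int *sorted, size_t n)
{
#ifdef SYS_close_range
    unsigned int lo = 0;
    for (size_t i = 0; i < n; i++) {
        if (sorted[i] < 0)
            continue;                           /* ignore bogus entries */
        unsigned int k = (unsigned int)sorted[i];
        if (k > lo && syscall(SYS_close_range, lo, k - 1, 0) < 0)
            return -1;
        if (k + 1 > lo)
            lo = k + 1;                         /* duplicates leave lo alone */
    }
    return syscall(SYS_close_range, lo, ~0U, 0) < 0 ? -1 : 0;
#else
    (void)sorted; (void)n;
    errno = ENOSYS;
    return -1;
#endif
}

/* Strategy 2: enumerate /proc/self/fd, then close. Fails if /proc is absent. */
static int close_via_proc(const int *keep, size_t nkeep)
{
    DIR *d = opendir("/proc/self/fd");
    if (!d)
        return -1;
    int self = dirfd(d), *fds = NULL;
    size_t count = 0, cap = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (*end != '\0' || fd < 0 || fd > INT_MAX || fd == self)
            continue;                           /* ".", "..", our own DIR fd */
        if (count == cap) {
            cap = cap ? cap * 2 : 64;
            int *tmp = realloc(fds, cap * sizeof *fds);
            if (!tmp) { free(fds); closedir(d); return -1; }
            fds = tmp;
        }
        fds[count++] = (int)fd;
    }
    closedir(d);
    for (size_t i = 0; i < count; i++)
        if (!is_kept(fds[i], keep, nkeep))
            close(fds[i]);
    free(fds);
    return 0;
}

/* Strategy 3: the dumb loop up to RLIMIT_NOFILE; EBADF on empty slots is expected. */
static int close_via_loop(const int *keep, size_t nkeep)
{
    struct rlimit rl;
    long max = sysconf(_SC_OPEN_MAX);
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        max = (long)rl.rlim_cur;
    if (max <= 0)
        max = 1024;
    for (long fd = 0; fd < max; fd++)
        if (!is_kept((int)fd, keep, nkeep))
            close((int)fd);
    return 0;
}

/* Close every fd not in keep[]; 0 on success, -1 only if all strategies failed. */
int close_all_except(const int *keep, size_t nkeep)
{
    int *sorted = malloc((nkeep ? nkeep : 1) * sizeof *sorted);
    if (!sorted)
        return -1;
    if (nkeep)
        memcpy(sorted, keep, nkeep * sizeof *sorted);
    qsort(sorted, nkeep, sizeof *sorted, cmp_int);
    int rc = close_gaps_with_close_range(sorted, nkeep);
    free(sorted);
    if (rc == 0 || close_via_proc(keep, nkeep) == 0)
        return 0;
    return close_via_loop(keep, nkeep);
}

int main(void)
{
    int p[2];                                   /* constructed: one fd kept, one dropped */
    if (pipe(p) < 0)
        return 1;
    int keep[] = { STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO, p[0] };
    if (close_all_except(keep, 4) < 0)
        return 1;
    int ok = fcntl(p[0], F_GETFD) >= 0 && fcntl(p[1], F_GETFD) < 0 && errno == EBADF;
    printf("read end kept, write end closed: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Note that the exemption list is consulted by every tier, so a sandbox launcher can keep the same array whether the kernel offers close_range() or not; with the range call the cost is proportional to the number of exemptions rather than to RLIMIT_NOFILE, which is the point the post makes.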

Re: pidfd design

2019-03-25 Thread Michael Tirado
On Mon, Mar 25, 2019 at 5:45 PM Linus Torvalds wrote: > > On Fri, Mar 22, 2019 at 11:34 AM Michael Tirado wrote: > > > > On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan wrote: > > > > > > pidfd code should be backed out immediately. Forget about /proc. >

Re: pidfd design

2019-03-22 Thread Michael Tirado
On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan wrote: > > pidfd code should be backed out immediately. Forget about /proc. Seems like Torvalds just merges this sort of "stuff" without reading it now, or there's something that auto accepted pull request to RC tree? > The pull request you sent

Re: [PATCH v3] code-of-conduct: Remove explicit list of discrimination factors

2018-12-08 Thread Michael Tirado
On Mon, Dec 3, 2018 at 4:52 PM Linus Torvalds wrote: > > On Mon, Dec 3, 2018 at 4:15 AM Pavel Machek wrote: > > > > Linus, I don't think Greg is doing good job maintaining this. Can you > > take the patch? > > (Or explain what is going on here, because I don't > > think public has full story). >

Re: [PATCH v3 resend 1/2] mm: Add an F_SEAL_FUTURE_WRITE seal to memfd

2018-11-09 Thread Michael Tirado
On Fri, Nov 9, 2018 at 9:41 PM Andy Lutomirski wrote: > > > > > On Nov 9, 2018, at 1:06 PM, Jann Horn wrote: > > > > +linux-api for API addition > > +hughd as FYI since this is somewhat related to mm/shmem > > > > On Fri, Nov 9, 2018 at 9:46 PM Joel Fernandes (Google) > > wrote: > >> Android

Re: On holy wars, and a plea for peace

2018-11-09 Thread Michael Tirado
You hijacked Eric's thread and forgot to CC him? On Thu, Oct 11, 2018 at 12:49 AM wrote: > > Three avenues to rescind GPLv2 property. RAP strategy added. > > > Here's a case in NY where a Software distributor agreement violated New > York's Rule Against Perpetuities > McAllister Software

Re: [PATCH v3 1/3] code-of-conduct: Fix the ambiguity about collecting email addresses

2018-10-20 Thread Michael Tirado
James, and our other friends, On Tue, Oct 16, 2018 at 2:59 PM James Bottomley wrote: > > The current code of conduct has an ambiguity More than one ambiguity. This whole file needs to go. >* Trolling, Who decides what is trolling, and what is a technique for raising awareness or sparking

Re: [PATCH v6 3/5] seccomp: add a way to get a listener fd from ptrace

2018-10-17 Thread Michael Tirado
Tycho, Sorry for the duplicate, I forgot to CC the list :( On Wed, Oct 17, 2018 at 3:00 PM Tycho Andersen wrote: > > > That's one of the use cases, but there are a large number of others. I > discuss a few in patch 1: > https://www.spinics.net/lists/linux-containers/msg33956.html > Thanks this

Re: [PATCH v6 3/5] seccomp: add a way to get a listener fd from ptrace

2018-10-17 Thread Michael Tirado
On Thu, Sep 13, 2018 at 12:02 AM Andy Lutomirski wrote: > > Or we could have a > seccomp() mode that adds a filter but only kicks in after execve(). > > --Andy Hey that's a pretty good idea, then we could block execve in a seccomp launcher without post-exec cooperation, or that patch I wrote

Re: [PATCH v6] pidns: introduce syscall translate_pid

2018-07-23 Thread Michael Tirado
Hey, I'm not seeing much activity on this so here's my $0.02 > Unix socket automatically translates pid attached to SCM_CREDENTIALS. > This requires CAP_SYS_ADMIN for sending arbitrary pids and entering > into pid namespace, this expose process and could be insecure. Perhaps it would be a good

net/netfilter/nf_tables_api.c: BUG_ON(ctx->table->use > 0)

2017-08-03 Thread Michael Tirado
Been getting beaten up by this bug for a few days now. I made a small test program for you netfilter experts to try because I'm running out of ideas over here. Attached is a C program to trigger the BUG_ON. I have narrowed possible causes down to the portion of my code that sends NFT_MSG_NEWRULE,

Re: eBPF / seccomp globals?

2015-10-06 Thread Michael Tirado
On Tue, Sep 29, 2015 at 11:44 PM, Kees Cook wrote: > On Thu, Sep 10, 2015 at 2:55 PM, Michael Tirado wrote: >> On Fri, Sep 4, 2015 at 8:37 PM, Kees Cook wrote: >>> >> @@ -196,7 +197,12 @@ static u32 seccomp_run_filters(struct seccomp_data *sd) >> * value a

Re: eBPF / seccomp globals?

2015-09-10 Thread Michael Tirado
Sorry for spamming you guys with my ugly, poorly formatted hack. I had to change something due to my shallow knowledge of how multiprocessors / multiple threads sharing a filter would behave. There may have been a possibility for the deferred integer to rollover and ruin everything? just in case

Re: eBPF / seccomp globals?

2015-09-10 Thread Michael Tirado
On Fri, Sep 4, 2015 at 8:37 PM, Kees Cook wrote: > > Do you still need file capabilities with the availability of the new > ambient capabilities? > > https://s3hh.wordpress.com/2015/07/25/ambient-capabilities/ > http://thread.gmane.org/gmane.linux.kernel.lsm/24034 Ah.. thanks for the info on

Re: eBPF / seccomp globals?

2015-09-04 Thread Michael Tirado
be exec'd, so if somehow by Thor's hammer that program escapes its sandbox, it will only be able to exec itself. I suppose it will have to now be restricted to absolute paths only. Thanks everyone for the clarification! On Fri, Sep 4, 2015 at 4:01 AM, Kees Cook wrote: > On Thu, Sep 3, 2015 at 6:

Re: eBPF / seccomp globals?

2015-09-04 Thread Michael Tirado
> On Thu, Sep 3, 2015 at 6:01 PM, Michael Tirado <mtirado...@gmail.com> wrote: >> Hiyall, >> >> I have created a seccomp white list filter for a program that launches >> other less trustworthy programs. It's working great so far, but I >> have run into a little

eBPF / seccomp globals?

2015-09-03 Thread Michael Tirado
Hiyall, I have created a seccomp white list filter for a program that launches other less trustworthy programs. It's working great so far, but I have run into a little roadblock. The launcher program needs to call execve as its final step, but that may not be present in the white list. I am
