-by: Yunchuan Wen wenyunch...@kylinos.com.cn
Reviewed-by: Tyler Hicks tyhi...@canonical.com
Thanks again, Li. I've pushed this to my next branch.
I lost track of it last time. Sorry about that!
Tyler
---
fs/ecryptfs/mmap.c | 12 ++--
1 files changed, 10 insertions(+), 2 deletions
On 2012-10-23 13:03:39, Kees Cook wrote:
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
CC: Tyler Hicks tyhi...@canonical.com
Kees - Please push this through your tree. Thanks
Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914
Signed-off-by: Tim Sally tsa...@atomicpeace.com
Looks good! I've pushed it to the eCryptfs -next branch and it will go
in during the 3.6 merge window.
I'm looking forward to more eCryptfs
node.
Signed-off-by: Kees Cook keesc...@chromium.org
Cc: Tyler Hicks tyhi...@canonical.com
---
v2:
- update version mask to reflect messaging feature presence.
Thanks for v2. I've pushed it to my next branch.
Tyler
---
fs/ecryptfs/Kconfig |8
fs/ecryptfs
):
eCryptfs: decrypt_pki_encrypted_session_key(): remove kfree() redundant
null check
ecryptfs: ecryptfs_msg_ctx_alloc_to_free(): remove kfree() redundant null
check
Tyler Hicks (3):
eCryptfs: Fix -Wunused-but-set-variable warnings
eCryptfs: Fix -Wmissing-prototypes warnings
On 2013-02-12 10:56:54, Tim Gardner wrote:
smatch analysis:
fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info:
redundant null check on msg calling kfree()
Cc: Tyler Hicks tyhi...@canonical.com
Cc: Dustin Kirkland dustin.kirkl...@gazzang.com
Cc: ecryp
On 2013-02-12 11:03:49, Tim Gardner wrote:
smatch analysis:
fs/ecryptfs/messaging.c:101 ecryptfs_msg_ctx_alloc_to_free() info:
redundant null check on msg_ctx-msg calling kfree()
Cc: Tyler Hicks tyhi...@canonical.com
Cc: Dustin Kirkland dustin.kirkl...@gazzang.com
Cc: ecryp
node.
Signed-off-by: Kees Cook keesc...@chromium.org
Cc: Tyler Hicks tyhi...@canonical.com
Thanks for the patch, Kees!
I took a glance over the code and noticed that ECRYPTFS_VERSIONING_MASK
needs some adjusting. Its value is what is used to populate the
/sys/fs/ecryptfs/version mask
a regression, introduced in 2.6.39, when a file is renamed on top of
another file. The target file's inode was not being evicted and the space
taken by the file was not reclaimed until eCryptfs was unmounted.
Tyler Hicks (3
support at mount
Tyler Hicks (6):
eCryptfs: Copy up POSIX ACL and read-only flags from lower mount
eCryptfs: Remove unused messaging declarations and function
eCryptfs: Make all miscdev functions use daemon ptr in file private_data
eCryptfs: Unlink lower inode when
that use the miscdev
interface. I was able to keep the changes minimal and I have some cleaner, more
complete changes queued up for the next merge window that will build on these
patches.
Tyler Hicks (3):
eCryptfs: Properly check
Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914
Hey Tim - Thanks for digging this one out of the bug tracker. :)
Signed-off-by: Tim Sally tsa...@atomicpeace.com
---
fs/ecryptfs/main.c | 24
1 file changed, 24
Hi Linus,
The following changes since commit 0e4a43ed08e2f44aa7b96aa95d0a540d675483e1:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes
(2012-11-07 13:38:56 +0100)
are available in the git repository at:
to stable@v.k.o. Thanks!
Tyler
--
From: Tyler Hicks tyhi...@canonical.com
commit 4a26620df451ad46151ad21d711ed43e963c004e upstream.
BugLink: http://bugs.launchpad.net/bugs/885744
statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using
cleanups
Matthew Wilcox (1):
Use ecryptfs_dentry_to_lower_path in a couple of places
Thomas Meyer (1):
eCryptfs: Cocci spatch memdup.spatch
Tyler Hicks (10):
eCryptfs: Use entire helper page during page crypto
Hi Linus,
The following changes since commit 4de9ad9bc08b4953fc03336ad38908496e2f8826:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile
(2013-09-06 11:14:33 -0700)
are available in the git repository at:
On 2013-10-11 16:49:16, Geyslan G. Bem wrote:
In 'decrypt_pki_encrypted_session_key' function:
Initializes 'payload' pointer and releases it on exit.
Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
Thanks! This one was easy to verify by auditing the code, but I was also
able to verify
conditionals
Tyler Hicks (1):
eCryptfs: file-private_data is always valid
fs/ecryptfs/file.c | 8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
On 2013-11-14 15:42:14, Geyslan G. Bem wrote:
If the condition 'ecryptfs_file_to_private(file)' takes false branch
lower_file is dereferenced when NULL.
Caught by Coverity: CIDs 1128834 and 1128833.
Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
Hello - Smatch picked up on this
On 2013-11-14 17:58:40, Geyslan Gregório Bem wrote:
2013/11/14 Tyler Hicks tyhi...@canonical.com:
On 2013-11-14 15:42:14, Geyslan G. Bem wrote:
If the condition 'ecryptfs_file_to_private(file)' takes false branch
lower_file is dereferenced when NULL.
Caught by Coverity: CIDs 1128834
On 2014-03-05 09:15:28, Dave Hansen wrote:
I have a little program that uses mmap() to copy files. Essentially:
addr1 = mmap(fd1);
addr2 = mmap(fd2);
memcpy(addr1, addr2, len);
If these files are on ecryptfs and I interrupt the memcpy() with ^C, I
consistently get this
Error out of ecryptfs_fsync() if filemap_write_and_wait() fails.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Cc: Paul Taysom tay...@chromium.org
Cc: Olof Johansson ol...@chromium.org
---
After giving Paul's patch one more look, I noticed that we were ignoring
filemap_write_and_wait()'s
* A couple of MAINTAINERS updates
Dustin Kirkland (1):
Update eCryptFS maintainers
Paul Taysom (1):
ecryptfs: fixed msync to flush data
Tyler Hicks (1):
eCryptfs: Check return of filemap_write_and_wait during fsync
On 2013-06-01 11:39:36, Thomas Meyer wrote:
Signed-off-by: Thomas Meyer tho...@m3y3r.de
---
Thanks Thomas - I've pushed this to my next branch.
Tyler
diff -u -p a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -247,14
On 2013-05-23 14:31:43, Paul Taysom wrote:
When msync is called on a memory mapped file, that
data is not flushed to the disk.
In Linux, msync calls fsync for the file. For ecryptfs,
fsync just calls the lower level file system's fsync.
Changed the ecryptfs fsync code to call
Hi Linus,
The following changes since commit d6099aeb4a9aad5e7ab1c72eb119ebd52dee0d52:
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm (2013-10-14
10:02:23 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git
to the ablkcipher crypto API. The improvement is more
apparent on faster storage devices. There's no noticeable change when hardware
crypto is not available.
Tyler Hicks (1):
eCryptfs: Use the ablkcipher crypto API
fs/ecryptfs/crypto.c
On 2013-08-13 15:02:27, Kees Cook wrote:
It might be possible for two callers to race the mutex lock after the
NULL ctx check. Instead, move the lock above the check so there isn't
the possibility of leaking a crypto ctx. Additionally, report the full
algo name when failing.
Signed-off-by:
On 2014-06-27 01:11:59, Himangi Saraogi wrote:
This patch does away with cast on void * and the if as it is unnecessary.
The following Coccinelle semantic patch was used for making the change:
@r@
expression x;
void* e;
type T;
identifier f;
@@
(
*((T *)e)
|
((T *)x)[...]
|
On 2014-07-08 18:30:07, Fabian Frederick wrote:
Cc: Tyler Hicks tyhi...@canonical.com
Cc: ecryp...@vger.kernel.org
Signed-off-by: Fabian Frederick f...@skynet.be
---
Thanks. I'll get this pushed to the eCryptfs -next branch.
Tyler
fs/ecryptfs/keystore.c | 1 -
1 file changed, 1 deletion
On 2014-06-16 20:06:12, Fabian Frederick wrote:
Fix checkpatch warning:
WARNING: kfree(NULL) is safe this check is probably not required
Cc: Tyler Hicks tyhi...@canonical.com
Cc: ecryp...@vger.kernel.org
Signed-off-by: Fabian Frederick f...@skynet.be
---
Hi Fabian - Sorry for being slow
On 2014-06-18 21:15:59, Steven Rostedt wrote:
On Thu, 19 Jun 2014 03:25:46 +0800
kbuild test robot fengguang...@intel.com wrote:
tree:
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
ftrace/core
head: 72fa1a896d8ef355e81270667803ceb16a3dd13f
commit:
Hello and thanks for the patch!
On 2014-07-24 17:25:42, Chao Yu wrote:
https://bugzilla.kernel.org/show_bug.cgi?id=41692
This actually isn't the bug that this patch fixes. It is a different bug
(that I don't think exists anymore) and someone happened to test for the
bug on a newer kernel and
Hi Priya - Thanks for the report and patch. I have some inline comments.
On 2014-09-24 06:58:01, Priya Bansal wrote:
This patch fixes the issue which was found in
ecryptfs_setxattr(). Previously, while trying to create a file when ecryptfs
is mounted over ext4 filesystem with encrypted
that do not operate on a file descriptor.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Reported-by: Priya Bansal p.ban...@samsung.com
---
fs/ecryptfs/file.c | 12
fs/ecryptfs/main.c | 16 +---
2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/fs/ecryptfs
instead of letting the VFS enforce it
Michael Halcrow (1):
eCryptfs: Remove buggy and unnecessary write in file name decode routine
Tyler Hicks (2):
eCryptfs: Force RO mount when encrypted view is enabled
eCryptfs: Remove
Hi Linus,
The following changes since commit 319e2e3f63c348a9b66db4667efa73178e18b17d:
Linux 3.13-rc4 (2013-12-15 12:31:33 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git
tags/ecryptfs-3.18-fixes
for you to fetch changes
Hi Alexey - thanks for the patch.
On 2014-09-23 00:39:31, Alexey Khoroshilov wrote:
There is a bug in error handling of lock_parent() in ecryptfs_do_create():
lock_parent() acquires mutex even if dget_parent() fails, so mutex should be
unlocked anyway.
But dget_parent() does not fail, so
.
Colin Ian King (1):
eCryptfs: ensure copy to crypt_stat-cipher does not overrun
Tyler Hicks (1):
eCryptfs: don't pass fs-specific ioctl commands through
fs/ecryptfs/ecryptfs_kernel.h | 4 ++--
fs/ecryptfs/file.c| 34 ++
fs/ecryptfs
On 2015-02-23 11:34:10, Colin King wrote:
From: Colin Ian King colin.k...@canonical.com
The patch 237fead61998: [PATCH] ecryptfs: fs/Makefile and
fs/Kconfig from Oct 4, 2006, leads to the following static checker
warning:
fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context()
error:
commands are mostly common across all
filesystems but the whitelist may need to be further pruned in the
future.
https://bugzilla.kernel.org/show_bug.cgi?id=93691
https://launchpad.net/bugs/1305335
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Cc: Rocko rockoreq...@hotmail.com
Cc: Colin Ian King
Thanks for the report and for the patch, Richard!
On 2015-07-31 12:23:10, Richard Weinberger wrote:
Mounting the same lower path multiple times should not result
in multiple ecryptfs instances, otherwise ecryptfs gets confused.
A command sequence of:
An important detail that took me a
On 2015-08-03 20:31:57, Richard Weinberger wrote:
Tyler,
On 03.08.2015 at 07:27, Tyler Hicks wrote:
So ecryptfs definitely supports mounting the same lower path multiple
times?
What is the benefit of that behavior?
No, it doesn't support that in a way that provides consistency
On 2015-08-04 07:46:50, Richard Weinberger wrote:
Tyler,
On 04.08.2015 at 01:07, Tyler Hicks wrote:
Okay, then I'd argue to give my patch a try although it is not the
solution
to the problem I've reported. :-)
If you don't mind I'll resend with a proper changelog.
That patch
not being cleared.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Reported-by: Richard Weinberger rich...@nod.at
---
fs/ecryptfs/dentry.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index 8db0b46..63cd2c1 100644
On 2015-08-02 09:51:16, Richard Weinberger wrote:
On 02.08.2015 at 03:03, Tyler Hicks wrote:
Thanks for the report and for the patch, Richard!
On 2015-07-31 12:23:10, Richard Weinberger wrote:
Mounting the same lower path multiple times should not result
in multiple ecryptfs
On 2015-06-26 18:25:09, SF Markus Elfring wrote:
From: Markus Elfring elfr...@users.sourceforge.net
Date: Fri, 26 Jun 2015 18:18:54 +0200
The key_put() function tests whether its argument is NULL and then
returns immediately. Thus the test around this call might not be needed.
This issue
On 2015-11-10 15:20:59, andr...@codeaurora.org wrote:
> This is a hardware inline accelerator, meaning that it operates on much
> lower layer, block layer and device driver layer. The HW encrypts plain
> requests sent from block layer directly, thus doing it much more
> efficiently rather than
On 2015-11-09 20:56:02, andr...@codeaurora.org wrote:
> Hello, Tyler
>
> I'll try to provide more detailed explanation, should it be satisfactory
> enough I will update the patch description.
>
> The problem with current eCryptfs is that it has total control on how and
> when the encryption is
Hello Andrey!
On 2015-11-08 10:10:00, Andrey Markovytch wrote:
> From: Andrey Markovytch
>
> Currently eCryptfs is responsible for page encryption/decryption.
> This approach will not work when there is HW inline encryption.
> The proposed change allows external module
tfs dcache entries caused by unlinked lower inodes
Markus Elfring (1):
eCryptfs: Delete a check before the function call "key_put"
Tyler Hicks (1):
eCryptfs: Invalidate dcache entries when lower i_nlink i
roy\)(x);
> //
>
> Signed-off-by: Julia Lawall <julia.law...@lip6.fr>
Acked-by: Tyler Hicks <tyhi...@canonical.com>
I assume that you'll be landing this patch set into Linus' tree all
together. Let me know if that's incorrect and I should take this single
patch into the eC
On 2015-09-15 06:36:30, Julia Lawall wrote:
>
>
> On Mon, 14 Sep 2015, Tyler Hicks wrote:
>
> > On 2015-09-13 14:15:21, Julia Lawall wrote:
> > > Remove unneeded NULL test.
> > >
> > > The semantic patch that makes this change is
application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.
BugLink: https://launchpad.net/bugs/1465724
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
I'm resending this patch set at the request of James Morris. This pair of
patches does away with what I believe is a useless denial audit message
when a privileged process initially accesses a net sysctl.
The bug was first discovered when running Go applications under AppArmor
confinement. It can
()
is moved into a single, shared function to keep duplicated code to a
minimum and ease maintainability.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>
---
include/linux/capability.h | 5 +
kernel/capability.c
On 05/17/2016 09:13 AM, Tyler Hicks wrote:
> On 05/08/2016 10:56 PM, David Miller wrote:
>> From: Tyler Hicks <tyhi...@canonical.com>
>> Date: Fri, 6 May 2016 18:04:12 -0500
>>
>>> This pair of patches does away with what I believe is a useless denial
>>
On 06/09/2016 03:31 PM, Chris J Arges wrote:
> Noticed some minor spelling errors when looking through the code.
>
> Signed-off-by: Chris J Arges
Hey Chris - thanks for these fixups. The first two hunks
(respresentation -> representation) were already fixed by an
th skcipher,
> and the long obsolete hash interface with shash.
>
> Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Acked-by: Tyler Hicks <tyhi...@canonical.com>
I have no problem with you taking this through the cryptodev tree.
Thanks!
Tyler
>
> diff --git
Thanks for the patch. It'll probably hang around in my tree until I have
a more pressing fix to send up.
Tyler
On 2016-02-17 14:50:10, Wei Yuan wrote:
> Signed-off-by: Weiyuan
> ---
> fs/ecryptfs/crypto.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>
On 2016-04-12 03:15:44, Ricky Zhou wrote:
> In LSMs such as SELinux, files can be associated with state from the
> credentials of the task that opens it. Since ecryptfs shares a single
> handle to lower files across tasks that access it, other tasks can
> later be denied access to the lower file
On 05/08/2016 10:56 PM, David Miller wrote:
> From: Tyler Hicks <tyhi...@canonical.com>
> Date: Fri, 6 May 2016 18:04:12 -0500
>
>> This pair of patches does away with what I believe is a useless denial
>> audit message when a privileged process initially accesses
This pair of patches does away with what I believe is a useless denial
audit message when a privileged process initially accesses a net sysctl.
The bug was first discovered when running Go applications under AppArmor
confinement. It can be triggered like so:
$ echo "profile test { file, }" |
application authors
because root-running Go applications always triggered the denial. To
prevent this confusion, the capability check in net_ctl_permissions() is
switched to the noaudit variant.
BugLink: https://launchpad.net/bugs/1465724
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
--
()
is moved into a single, shared function to keep duplicated code to a
minimum and ease maintainability.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
include/linux/capability.h | 5 +
kernel/capability.c| 46 --
2 files chang
Hi Linus,
The following changes since commit 33688abb2802ff3a230bd2441f765477b94cc89e:
Linux 4.7-rc4 (2016-06-19 21:30:02 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git
tags/ecryptfs-4.7-rc7-fixes
for you to fetch changes
r of tasks with an allocated
audit context.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
include/linux/audit.h | 6 +--
kernel/seccomp.c | 114 --
2 files changed, 112 insertions(+), 8 deletions(-)
diff --git a/include/linux/a
Extend the kernel selftests for seccomp to test the newly added
SECCOMP_RET_LOG action. The added tests follow the example of existing
tests.
Unfortunately, the tests are not capable of inspecting the audit log to
verify that the syscall was logged.
Signed-off-by: Tyler Hicks <t
This patch set is the second revision of the following two previously
submitted patch sets:
http://lkml.kernel.org/r/1483375990-14948-1-git-send-email-tyhi...@canonical.com
http://lkml.kernel.org/r/1483377999-15019-2-git-send-email-tyhi...@canonical.com
The patch set aims to address some known
On 02/07/2017 06:03 PM, Kees Cook wrote:
> On Thu, Feb 2, 2017 at 9:37 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch creates a read-only sysctl containing an ordered list of
>> seccomp actions that the kernel supports. The ordering, from left to
>> right,
be written to the max_action_to_log sysctl in order to get a
list of logged actions without the, potentially larger, set of allowed
actions.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 6 ++
include/uapi/linux/seccomp.h | 1 +
re
exactly what seccomp logs through the audit subsystem. Support for this
level of logging configuration will come in a future patch.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
kernel/seccomp.c | 50 ++
1 file changed, 50 insertion
On 02/16/2017 12:40 PM, Tyler Hicks wrote:
> On 02/15/2017 07:10 PM, Kees Cook wrote:
>> On Mon, Feb 13, 2017 at 7:55 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
>>> index e36dfe9..270a227 100644
>>>
Extend the kernel selftests for seccomp to test the newly added
SECCOMP_RET_LOG action. The added tests follow the example of existing
tests.
Unfortunately, the tests are not capable of inspecting the audit log to
verify that the syscall was logged.
Signed-off-by: Tyler Hicks <t
r of tasks with an allocated
audit context.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 21 ++
include/linux/audit.h | 6 +-
kernel/seccomp.c | 123 -
3 files changed
re
exactly what seccomp logs through the audit subsystem. Support for this
level of logging configuration will come in a future patch.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 16 ++
Documentation/sysctl/kernel.txt| 1 +
be written to the max_action_to_log sysctl in order to get a
list of logged actions without the, potentially larger, set of allowed
actions.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 6 ++
include/uapi/linux/seccomp.h | 1 +
max_action
+ Document the log_max_action sysctl
- Patch 3
+ Put some space between RET_LOG and RET_ALLOW for future actions
+ Separate the RET_ALLOW and RET_LOG cases in __seccomp_filter()
- Patch 4
+ Adjust the selftests for the updated RET_LOG value
Tyler
Tyler Hicks (4):
seccomp:
re
exactly what seccomp logs through the audit subsystem. Support for this
level of logging configuration will come in a future patch.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 16 ++
Documentation/sysctl/kernel.txt| 1 +
be written to the max_action_to_log sysctl in order to get a
list of logged actions without the, potentially larger, set of allowed
actions.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 6 ++
include/uapi/linux/seccomp.h | 1 +
tl
- Patch 3
+ Put some space between RET_LOG and RET_ALLOW for future actions
+ Separate the RET_ALLOW and RET_LOG cases in __seccomp_filter()
- Patch 4
+ Adjust the selftests for the updated RET_LOG value
Tyler
Tyler Hicks (4):
seccomp: Add sysctl to display available actions
se
On 02/07/2017 06:43 PM, Kees Cook wrote:
> On Tue, Feb 7, 2017 at 4:25 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> On 02/07/2017 06:03 PM, Kees Cook wrote:
>>> On Thu, Feb 2, 2017 at 9:37 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>>>> This p
r of tasks with an allocated
audit context.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
Documentation/prctl/seccomp_filter.txt | 21 ++
include/linux/audit.h | 6 +-
kernel/seccomp.c | 123 -
3 files changed
Extend the kernel selftests for seccomp to test the newly added
SECCOMP_RET_LOG action. The added tests follow the example of existing
tests.
Unfortunately, the tests are not capable of inspecting the audit log to
verify that the syscall was logged.
Signed-off-by: Tyler Hicks <t
A Japanese translation file contained the incorrect email address for
the linux-api list.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
I was unlucky enough to copy and paste this invalid address from
`git grep linux-api Documentation` output, resulting in a patch set that
b
On 02/07/2017 06:24 PM, Kees Cook wrote:
> On Thu, Feb 2, 2017 at 9:37 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> Administrators can write to this sysctl to set the maximum seccomp
>> action that should be logged. Any actions with values greater than
>> w
On 02/07/2017 06:33 PM, Kees Cook wrote:
> On Thu, Feb 2, 2017 at 9:37 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> Add a new action, SECCOMP_RET_LOG, that logs a syscall before allowing
>> the syscall. At the implementation level, this action is identical to
>> the
On 02/10/2017 06:08 PM, Kees Cook wrote:
> On Fri, Feb 10, 2017 at 4:01 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> On 02/07/2017 06:33 PM, Kees Cook wrote:
>>> This adds to UAPI, so it'd be good to think for a moment about how
>>> this would work on old
On 02/15/2017 07:10 PM, Kees Cook wrote:
> On Mon, Feb 13, 2017 at 7:55 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
>> index e36dfe9..270a227 100644
>> --- a/kernel/seccomp.c
>> +++ b/kernel/seccomp.c
>
On 02/15/2017 07:00 PM, Kees Cook wrote:
> On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch creates a read-only sysctl containing an ordered list of
>> seccomp actions that the kernel supports. The ordering, from left to
>> right,
On 02/15/2017 07:13 PM, Kees Cook wrote:
> On Mon, Feb 13, 2017 at 7:55 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> Extend the kernel selftests for seccomp to test the newly added
>> SECCOMP_RET_LOG action. The added tests follow the example of existing
>>
On 02/15/2017 09:14 PM, Andy Lutomirski wrote:
> On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch creates a read-only sysctl containing an ordered list of
>> seccomp actions that the kernel supports. The ordering, from left to
>>
On 02/16/2017 01:01 PM, Andy Lutomirski wrote:
> On Thu, Feb 16, 2017 at 10:47 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> On 02/15/2017 09:14 PM, Andy Lutomirski wrote:
>>> On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>>>
On 02/15/2017 09:24 PM, Andy Lutomirski wrote:
> On Mon, Feb 13, 2017 at 7:45 PM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch set is the third revision of the following two previously
>> submitted patch sets:
>>
>> v1:
>> http://lkml.kernel.
On 09/20/2016 06:17 PM, Rasmus Villemoes wrote:
> Calling sprintf in a loop is not very efficient, and in any case, we
> already have an implementation of bin-to-hex conversion in lib/ which
> we might as well use.
>
> Note that ecryptfs_to_hex used to nul-terminate the destination (and
> the
On 09/29/2016 07:29 AM, liushuoran wrote:
> Hi Tyhicks,
>
> We observed an ecryptFS crash occasionally in Linux kernel 4.1.18. The call
> trace is attached below. Is it a known issue? Look forward to hearing from
> you. Thanks in advance!
It isn't known to me but I'm rarely testing eCryptfs
On 01/04/2017 02:42 AM, Paul Moore wrote:
> On Tue, Jan 3, 2017 at 8:31 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> On 01/02/2017 04:47 PM, Paul Moore wrote:
>>> On Mon, Jan 2, 2017 at 11:53 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
>>>> Thi
On 01/02/2017 04:47 PM, Paul Moore wrote:
> On Mon, Jan 2, 2017 at 11:53 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch set creates the basis for auditing information specific to a given
>> seccomp return action and then starts auditing SECCOMP_RET_ERRNO return
On 01/02/2017 11:57 PM, Andy Lutomirski wrote:
> On Mon, Jan 2, 2017 at 8:53 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
>> This patch set creates the basis for auditing information specific to a given
>> seccomp return action and then starts auditing SECCOMP_RET_ER
On 01/04/2017 04:44 AM, Kees Cook wrote:
> On Tue, Jan 3, 2017 at 1:31 PM, Paul Moore wrote:
>> On Tue, Jan 3, 2017 at 4:21 PM, Kees Cook wrote:
>>> On Tue, Jan 3, 2017 at 1:13 PM, Paul Moore wrote:
On Tue, Jan 3, 2017 at
1 - 100 of 557 matches