[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering

(off-list ancestor, not in this archive)
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Kees Cook <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-29
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · David Laight <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Pavel Machek <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Frederic Weisbecker <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-15
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16

From: David Laight <hidden>
Date: 2011-05-13 15:29:27
Also in: linux-mips, linuxppc-dev

... If you can be completely stateless its easier, but there's
a reason that stacking security modules is hard.  Serge has tried in

the

past and both dhowells and casey schaufler are working on it right

now.

Stacking is never as easy as it sounds   :)

For a bad example of trying to allow alternate security models
look at NetBSD's kauth code :-)

NetBSD also had issues where some 'system call trace' code
was being used to (try to) apply security - unfortunately
it worked by looking at the user-space buffers on system
call entry - and a multithreaded program can easily arrange
to update them after the initial check!
For trace/event type activities this wouldn't really matter,
for security policy it does.
(I've not looked directly at these event points in linux)

	David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help