[PATCH v10 0/11] seccomp: add thread sync ability

[PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-10
[PATCH v10 06/11] MIPS: add seccomp syscall · Kees Cook <hidden> · 2014-07-10
[PATCH v10 07/11] sched: move no_new_privs into new atomic flags · Kees Cook <hidden> · 2014-07-10
[PATCH v10 01/11] seccomp: create internal mode-setting function · Kees Cook <hidden> · 2014-07-10
[PATCH v10 02/11] seccomp: extract check/assign mode helpers · Kees Cook <hidden> · 2014-07-10
[PATCH v10 05/11] ARM: add seccomp syscall · Kees Cook <hidden> · 2014-07-10
[PATCH v10 04/11] seccomp: add "seccomp" syscall · Kees Cook <hidden> · 2014-07-10
[PATCH v10 11/11] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Kees Cook <hidden> · 2014-07-10
[PATCH v10 03/11] seccomp: split mode setting routines · Kees Cook <hidden> · 2014-07-10
[PATCH v10 08/11] seccomp: split filter prep from check and apply · Kees Cook <hidden> · 2014-07-10
[PATCH v10 10/11] seccomp: allow mode setting across threads · Kees Cook <hidden> · 2014-07-10
[PATCH v10 09/11] seccomp: introduce writer locking · Kees Cook <hidden> · 2014-07-10
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Oleg Nesterov <oleg@redhat.com> · 2014-07-11
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-11
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-14
Re: [PATCH v10 0/11] seccomp: add thread sync ability · James Morris <hidden> · 2014-07-15
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Andy Lutomirski <luto@amacapital.net> · 2014-07-17
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Andy Lutomirski <luto@amacapital.net> · 2014-07-14
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-14
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-16
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Andy Lutomirski <luto@amacapital.net> · 2014-07-16
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-07-16
Re: [PATCH v10 0/11] seccomp: add thread sync ability · Andy Lutomirski <luto@amacapital.net> · 2014-07-16
Re: [PATCH v10 0/11] seccomp: add thread sync ability · James Morris <jmorris@namei.org> · 2014-07-16

From: luto@amacapital.net (Andy Lutomirski)
Date: 2014-07-16 21:28:19
Also in: linux-api, linux-arch, linux-mips, lkml

On Wed, Jul 16, 2014 at 2:23 PM, Kees Cook [off-list ref] wrote:

On Wed, Jul 16, 2014 at 12:45 PM, Andy Lutomirski [off-list ref] wrote:

quoted

In seccomp_prepare_user_filter, would it make sense to return -EINVAL
if !user_filter?  That will make it slightly more pleasant to
implement TSYNC-without-change if anyone ever wants it.  (This isn't
really necessary -- it's just slightly more polite.)

I can't do this since EFAULT is already used to detect seccomp
capabilities from userspace.

Aha.  In that case, can you (separately) send a prctl.2 manpage patch
documenting that?  Also, I'm pretty sure you can get away with doing
this for seccomp(2) -- EINVAL and ENOSYS are easily distinguishable,
but the current behavior is IMO also fine if documented.

--Andy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help