Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

(off-list ancestor, not in this archive)
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Kees Cook <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-29
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · David Laight <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Pavel Machek <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Frederic Weisbecker <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-15
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16

STALE5469d

From: Peter Zijlstra <peterz@infradead.org>
Date: 2011-05-13 15:23:01
Also in: linux-arm-kernel, linuxppc-dev

On Fri, 2011-05-13 at 11:10 -0400, Eric Paris wrote:

Then again, I certainly don't see a
reason that this syscall hardening patch should be held up while a whole
new concept in computer security is contemplated...

Which makes me wonder why this syscall hardening stuff is done outside
of LSM? Why isn't is part of the LSM so that say SELinux can have a
syscall bitmask per security context?

Making it part of the LSM also avoids having to add this prctl().

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help