diff options
author | Kees Cook <keescook@chromium.org> | 2014-06-25 16:08:24 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2014-07-18 12:13:37 -0700 |
commit | 48dc92b9fc3926844257316e75ba11eb5c742b2c (patch) | |
tree | 2f35355b95a7c1473fd8d361b4f15a9f368999b4 /arch/Kconfig | |
parent | 3b23dd12846215eff4afb073366b80c0c4d7543e (diff) | |
download | lwn-48dc92b9fc3926844257316e75ba11eb5c742b2c.tar.gz lwn-48dc92b9fc3926844257316e75ba11eb5c742b2c.zip |
seccomp: add "seccomp" syscall
This adds the new "seccomp" syscall with both an "operation" and "flags"
parameter for future expansion. The third argument is a pointer value,
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).
In addition to the TSYNC flag later in this patch series, there is a
non-zero chance that this syscall could be used for configuring a fixed
argument area for seccomp-tracer-aware processes to pass syscall arguments
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
for this syscall. Additionally, this syscall uses operation, flags,
and user pointer for arguments because strictly passing arguments via
a user pointer would mean seccomp itself would be unable to trivially
filter the seccomp syscall itself.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'arch/Kconfig')
-rw-r--r-- | arch/Kconfig | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 97ff872c7acc..0eae9df35b88 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -321,6 +321,7 @@ config HAVE_ARCH_SECCOMP_FILTER - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked and a return value of -1 results in the system call being skipped immediately. + - seccomp syscall wired up config SECCOMP_FILTER def_bool y |