Hi Ben,

On Tue, Jun 05, 2012 at 08:43:21PM +0100, Ben Hutchings wrote:
> On Tue, 2012-06-05 at 11:07 -0700, Kees Cook wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Kees Cook <k...@debian.org>
> > 
> > * Package name    : libseccomp
> >   Version         : 0.1.0
> >   Upstream Author : Paul Moore <pmo...@redhat.com>
> > * URL             : https://sourceforge.net/projects/libseccomp/
> > * License         : LGPLv2
> >   Programming Lang: C
> >   Description     : High level interface to the Linux Kernel's seccomp filter
> > 
> > This library provides a high level interface to constructing, analyzing
> > and installing seccomp filters via a BPF passed to the Linux Kernel's
> > prctl() syscall.
> 
> So are you going to help us with backporting this to Linux 3.2
> (bug #675615) or is this supposed to be post-wheezy?

The 3.2 backport can be lifted from the Ubuntu kernel[1], but libseccomp
can build regardless of kernel support. I just want to make sure it gets
into the archive in time for projects to start linking against it.

-Kees

[1] git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git
8f3bc80 UBUNTU: SAUCE: SECCOMP: adjust prctl constant
426ae7e UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations
5125a0c UBUNTU: SAUCE: SECCOMP: Documentation: prctl/seccomp_filter
9fe7d2f UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER
f90be55 UBUNTU: SAUCE: SECCOMP: ptrace,seccomp: Add PTRACE_SECCOMP support
d9157b0 UBUNTU: SAUCE: SECCOMP: seccomp: Add SECCOMP_RET_TRAP
815c5af UBUNTU: SAUCE: SECCOMP: signal, x86: add SIGSYS info and make it synchronous.
7ad6853 UBUNTU: SAUCE: SECCOMP: seccomp: add SECCOMP_RET_ERRNO
f9fbf9f UBUNTU: SAUCE: SECCOMP: seccomp: remove duplicated failure logging
7846755 UBUNTU: SAUCE: SECCOMP: seccomp: add system call filtering using BPF
289c05b UBUNTU: SAUCE: SECCOMP: asm/syscall.h: add syscall_get_arch
177ef2e UBUNTU: SAUCE: SECCOMP: arch/x86: add syscall_get_arch to syscall.h
a115718 UBUNTU: SAUCE: SECCOMP: seccomp: kill the seccomp_t typedef
e35e75b UBUNTU: SAUCE: SECCOMP: net/compat.c,linux/filter.h: share compat_sock_fprog
f60cccd UBUNTU: SAUCE: SECCOMP: sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
8370a7f UBUNTU: SAUCE: SECCOMP: Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS
be4b587 UBUNTU: SAUCE: SECCOMP: Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs

And then enable CONFIG_SECCOMP_FILTER for x86 arches.

-- 
Kees Cook                                            @debian.org
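
Added example, not part of the original mail and not libseccomp code: because userspace can be built without kernel support, a program can probe at run time whether the running kernel has the seccomp filter feature, then use the pieces named in the commit list above (PR_SET_NO_NEW_PRIVS, a BPF filter, SECCOMP_RET_ERRNO) through the raw prctl() interface. The function names are illustrative; it assumes a Linux build host with kernel headers that define these constants.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* 1 if the kernel has seccomp filter mode, else 0. A NULL filter never
 * installs: EFAULT means the mode exists, EINVAL means it is missing. */
int seccomp_filter_supported(void)
{
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0) == -1
           && errno == EFAULT;
}

/* Fork a child that sets no_new_privs (so no privilege is needed) and
 * installs a filter failing getppid() with EPERM. Returns 1 if denied,
 * 0 if allowed, -1 if no filter could be installed. Demo narrowing: a
 * real policy also checks seccomp_data.arch before trusting nr. */
int getppid_denied_in_child(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof(insns) / sizeof(insns[0]), insns };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0) != 0)
            _exit(2);
        _exit(syscall(__NR_getppid) == -1 && errno == EPERM ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    printf("filter mode supported: %d\n", seccomp_filter_supported());
    printf("getppid denied in child: %d\n", getppid_denied_in_child());
    return 0;
}
```

On a kernel without the filter patches the probe returns 0 and the child reports -1, which is the case a program linked against the library has to handle gracefully.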