On Fri, 20 Jan 2017, Kees Cook wrote:

> Yup, I think this is fine. The additional kernel code executed before
> the do_exit() is relatively limited, and is equivalent to leaving
> kill(self, SIGSEGV) exposed in a seccomp filter. Setting an RLIMIT is
> also sufficient to block the core generation, so really paranoid
> environments can still do that.
>
> The forwarded ack stands:
>
> Acked-by: Kees Cook <keesc...@chromium.org>
>
> James, can you add this to your tree?

Mike, please resend the patch, I don't have it.

--
James Morris <jmor...@namei.org>