On Sun, Jan 22, 2017 at 4:10 PM, James Morris wrote: > On Fri, 20 Jan 2017, Kees Cook wrote: > > Yup, I think this is fine. The additional kernel code executed before > > the do_exit() is relatively limited, and is equivalent to leaving > > kill(self, SIGSEGV) exposed in a seccomp filter. Setting an RLIMIT is > > also sufficient to block the core generation, so really paranoid > > environments can still do that. > > > > The forwarded ack stands: > > > > Acked-by: Kees Cook <keesc...@chromium.org> > > > > James, can you add this to your tree? > > Mike, please resend the patch, I don't have it.
looks like patchwork grabbed it: https://patchwork.kernel.org/patch/9527359/ has a mbox link which should get you what you need ? -mike
