On Jul 29, 2014 10:57 PM, "Eric W. Biederman" wrote:
>
> Andy Lutomirski writes:
>
> > On Tue, Jul 29, 2014 at 9:08 PM, Eric W. Biederman
> > wrote:
> >> Andy Lutomirski writes:
> >>
> >>> On Mon, Jul 28, 2014 at 2:18 PM, Eric W. Biederman
> >>> wrote:
> Andy Lutomirski writes:
>
>
On Tue, Jul 29, 2014 at 9:08 PM, Eric W. Biederman
wrote:
> Andy Lutomirski writes:
>
>> On Mon, Jul 28, 2014 at 2:18 PM, Eric W. Biederman
>> wrote:
>>> Andy Lutomirski writes:
>>>
[cc: Eric Biederman]
>>>
Can we do one better and add a flag to prevent any non-self pid
look
Andy Lutomirski writes:
> On Mon, Jul 28, 2014 at 2:18 PM, Eric W. Biederman
> wrote:
>> Andy Lutomirski writes:
>>
>>> [cc: Eric Biederman]
>>>
>>
>>> Can we do one better and add a flag to prevent any non-self pid
>>> lookups? This might actually be easy on top of the pid namespace work
>>>
On Mon, Jul 28, 2014 at 2:18 PM, Eric W. Biederman
wrote:
> Andy Lutomirski writes:
>
>> [cc: Eric Biederman]
>>
>
>> Can we do one better and add a flag to prevent any non-self pid
>> lookups? This might actually be easy on top of the pid namespace work
>> (e.g. we could change the way that fin
Andy Lutomirski writes:
> [cc: Eric Biederman]
>
> Can we do one better and add a flag to prevent any non-self pid
> lookups? This might actually be easy on top of the pid namespace work
> (e.g. we could change the way that find_task_by_vpid works).
>
> It's far from just being signals. There'
On Fri, Jul 25, 2014 at 7:32 PM, Andy Lutomirski wrote:
> On Fri, Jul 25, 2014 at 11:22 AM, Julien Tinnes wrote:
>> On Fri, Jul 25, 2014 at 10:38 AM, Kees Cook wrote:
>>>
>>> On Fri, Jul 25, 2014 at 10:18 AM, Andy Lutomirski
>>> wrote:
>>> > [cc: Eric Biederman]
>>> >
>>> > On Fri, Jul 25, 2014
On Fri, Jul 25, 2014 at 6:18 PM, Andy Lutomirski wrote:
> [cc: Eric Biederman]
>
> On Fri, Jul 25, 2014 at 10:10 AM, Kees Cook wrote:
>> On Fri, Jul 25, 2014 at 8:59 AM, Andy Lutomirski wrote:
>>> On Jul 25, 2014 6:48 AM, "David Drysdale" wrote:
Add the current thread and thread group
On Fri, Jul 25, 2014 at 11:22 AM, Julien Tinnes wrote:
> On Fri, Jul 25, 2014 at 10:38 AM, Kees Cook wrote:
>>
>> On Fri, Jul 25, 2014 at 10:18 AM, Andy Lutomirski
>> wrote:
>> > [cc: Eric Biederman]
>> >
>> > On Fri, Jul 25, 2014 at 10:10 AM, Kees Cook
>> > wrote:
>>
>> >> Julien had been want
On Fri, Jul 25, 2014 at 10:38 AM, Kees Cook wrote:
> On Fri, Jul 25, 2014 at 10:18 AM, Andy Lutomirski wrote:
>> [cc: Eric Biederman]
>>
>> On Fri, Jul 25, 2014 at 10:10 AM, Kees Cook wrote:
>>> Julien had been wanting something like this too (though he'd suggested
>>> it via prctl): limit the
On Fri, Jul 25, 2014 at 10:18 AM, Andy Lutomirski wrote:
> [cc: Eric Biederman]
>
> On Fri, Jul 25, 2014 at 10:10 AM, Kees Cook wrote:
>> On Fri, Jul 25, 2014 at 8:59 AM, Andy Lutomirski wrote:
>>> On Jul 25, 2014 6:48 AM, "David Drysdale" wrote:
Add the current thread and thread grou
[cc: Eric Biederman]
On Fri, Jul 25, 2014 at 10:10 AM, Kees Cook wrote:
> On Fri, Jul 25, 2014 at 8:59 AM, Andy Lutomirski wrote:
>> On Jul 25, 2014 6:48 AM, "David Drysdale" wrote:
>>>
>>> Add the current thread and thread group IDs into the data
>>> available for seccomp-bpf programs to work
On Fri, Jul 25, 2014 at 8:59 AM, Andy Lutomirski wrote:
> On Jul 25, 2014 6:48 AM, "David Drysdale" wrote:
>>
>> Add the current thread and thread group IDs into the data
>> available for seccomp-bpf programs to work on. This allows
>> installation of filters that police syscalls based on thread
On Jul 25, 2014 6:48 AM, "David Drysdale" wrote:
>
> Add the current thread and thread group IDs into the data
> available for seccomp-bpf programs to work on. This allows
> installation of filters that police syscalls based on thread
> or process ID, e.g. tgkill(2)/kill(2)/prctl(2).
>
> Signed-o
Add the current thread and thread group IDs into the data
available for seccomp-bpf programs to work on. This allows
installation of filters that police syscalls based on thread
or process ID, e.g. tgkill(2)/kill(2)/prctl(2).
Signed-off-by: David Drysdale
---
include/uapi/linux/seccomp.h | 10 +