On Fri, Jun 12, 2015 at 04:29:00PM -0700, Kees Cook wrote:
> On Fri, Jun 12, 2015 at 4:27 PM, Andy Lutomirski wrote:
> > On Wed, Jun 10, 2015 at 1:18 PM, Kees Cook wrote:
> >> On Wed, Jun 10, 2015 at 10:20 AM, Andy Lutomirski
> >> wrote:
> >>> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wro
On Fri, Jun 12, 2015 at 4:27 PM, Andy Lutomirski wrote:
> On Wed, Jun 10, 2015 at 1:18 PM, Kees Cook wrote:
>> On Wed, Jun 10, 2015 at 10:20 AM, Andy Lutomirski
>> wrote:
>>> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
On 06/09, Andy Lutomirski wrote:
>
> On Tue, Jun 9,
On Wed, Jun 10, 2015 at 1:18 PM, Kees Cook wrote:
> On Wed, Jun 10, 2015 at 10:20 AM, Andy Lutomirski wrote:
>> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
>>> On 06/09, Andy Lutomirski wrote:
On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
>
> @@ -556,6 +556,15 @@ s
On Wed, Jun 10, 2015 at 01:33:21PM -0700, Kees Cook wrote:
>
> And if I've convinced Andy to be okay with this patch, consider v4:
>
> Acked-by: Kees Cook
Thanks, I'm happy to send a v5 with checking seccomp (and
->ptrace & PT_SUSPEND_SECCOMP) if you'd feel better with that, Andy.
Tycho
On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
wrote:
> This patch is the first step in enabling checkpoint/restore of processes
> with seccomp enabled.
>
> One of the things CRIU does while dumping tasks is inject code into them
> via ptrace to collect information that is only available to the pr
On 06/10, Kees Cook wrote:
>
> And sorry Tycho as we all disagree about how to disagree with
> your patch... :)
Yes ;)
So, just in case, I am fine with this version.
Andy wants another security check, OK, this is fine with me too.
Oleg.
On Wed, Jun 10, 2015 at 10:20 AM, Andy Lutomirski wrote:
> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
>> On 06/09, Andy Lutomirski wrote:
>>>
>>> On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
>>> >
>>> > @@ -556,6 +556,15 @@ static int ptrace_setoptions(struct task_struct
>>> > *chil
On 06/10, Andy Lutomirski wrote:
>
> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
> >
> > Andy, I simply can't understand why we need any security check at all.
...
> I think we
> should take the more paranoid approach to start and relax it later as
> needed.
OK. I didn't really tried
On Wed, Jun 10, 2015 at 10:29 AM, Serge Hallyn wrote:
> Quoting Andy Lutomirski (l...@amacapital.net):
>> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
>> > On 06/09, Andy Lutomirski wrote:
>> >>
>> >> On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
>> >> >
>> >> > @@ -556,6 +556,15 @@ sta
Quoting Andy Lutomirski (l...@amacapital.net):
> On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
> > On 06/09, Andy Lutomirski wrote:
> >>
> >> On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
> >> >
> >> > @@ -556,6 +556,15 @@ static int ptrace_setoptions(struct task_struct
> >> > *child, un
On Wed, Jun 10, 2015 at 9:31 AM, Oleg Nesterov wrote:
> On 06/09, Andy Lutomirski wrote:
>>
>> On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
>> >
>> > @@ -556,6 +556,15 @@ static int ptrace_setoptions(struct task_struct
>> > *child, unsigned long data)
>> > if (data & ~(unsigned long)PTR
On 06/09, Andy Lutomirski wrote:
>
> On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
> >
> > @@ -556,6 +556,15 @@ static int ptrace_setoptions(struct task_struct
> > *child, unsigned long data)
> > if (data & ~(unsigned long)PTRACE_O_MASK)
> > return -EINVAL;
> >
> > +
Hi Andy,
On Tue, Jun 09, 2015 at 06:08:42PM -0700, Andy Lutomirski wrote:
>
> > + if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
> > + if (!config_enabled(CONFIG_CHECKPOINT_RESTORE) ||
> > + !config_enabled(CONFIG_SECCOMP))
> > + return
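Review bot: in the `PTRACE_O_SUSPEND_SECCOMP` branch, the only conditions visible are the two `config_enabled()` tests, which are build-time properties and say nothing about the tracer making the request. Because this option suspends seccomp for the tracee, the branch should also refuse a tracer that is itself running under seccomp or that already has `PT_SUSPEND_SECCOMP` set, which is the check offered as a v5 elsewhere in this thread. The excerpt ends at `return`, so this applies to whatever follows that line; a short comment above the branch stating which callers are expected to pass would also help.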
On Tue, Jun 9, 2015 at 5:49 PM, Tycho Andersen
wrote:
> This patch is the first step in enabling checkpoint/restore of processes
> with seccomp enabled.
>
> One of the things CRIU does while dumping tasks is inject code into them
> via ptrace to collect information that is only available to the pr