From: Eric Paris <eparis@redhat.com> To: Ingo Molnar <mingo@elte.hu> Cc: "Will Drewry" <wad@chromium.org>, linux-kernel@vger.kernel.org, kees.cook@canonical.com, agl@chromium.org, jmorris@namei.org, rostedt@goodmis.org, "Randy Dunlap" <rdunlap@xenotime.net>, "Linus Torvalds" <torvalds@linux-foundation.org>, "Andrew Morton" <akpm@linux-foundation.org>, "Tom Zanussi" <tzanussi@gmail.com>, "Frédéric Weisbecker" <fweisbec@gmail.com>, "Arnaldo Carvalho de Melo" <acme@redhat.com>, "Peter Zijlstra" <a.p.zijlstra@chello.nl>, "Thomas Gleixner" <tglx@linutronix.de> Subject: Re: [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works. Date: Thu, 28 Apr 2011 10:56:09 -0400 [thread overview] Message-ID: <1304002571.2101.38.camel@localhost.localdomain> (raw) In-Reply-To: <20110428070636.GC952@elte.hu> On Thu, 2011-04-28 at 09:06 +0200, Ingo Molnar wrote: > * Will Drewry <wad@chromium.org> wrote: > > > +A collection of filters may be supplied via prctl, and the current set of > > +filters is exposed in /proc/<pid>/seccomp_filter. > > + > > +For instance, > > + const char filters[] = > > + "sys_read: (fd == 1) || (fd == 2)\n" > > + "sys_write: (fd == 0)\n" > > + "sys_exit: 1\n" > > + "sys_exit_group: 1\n" > > + "on_next_syscall: 1"; > > + prctl(PR_SET_SECCOMP, 2, filters); > > + > > +This will setup system call filters for read, write, and exit where reading can > > +be done only from fds 1 and 2 and writing to fd 0. The "on_next_syscall" directive tells > > +seccomp to not enforce the ruleset until after the next system call is run. This allows > > +for launchers to apply system call filters to a binary before executing it. > > + > > +Once enabled, the access may only be reduced. For example, a set of filters may be: > > + > > + sys_read: 1 > > + sys_write: 1 > > + sys_mmap: 1 > > + sys_prctl: 1 > > + > > +Then it may call the following to drop mmap access: > > + prctl(PR_SET_SECCOMP, 2, "sys_mmap: 0"); > > Ok, color me thoroughly impressed Me too! > I've Cc:-ed Linus and Andrew: are you guys opposed to such flexible, dynamic > filters conceptually? I think we should really think hard about the actual ABI > as this could easily spread to more applications than Chrome/Chromium. I'll definitely port QEMU to use this new interface rather than my more rigid flexible (haha "rigid flexible") seccomp. I'll see if I run into any issues with this ABI in that porting... > Btw., i also think that such an approach is actually the sane(r) design to > implement security modules: using such filters is far more flexible than the > typical LSM approach of privileged user-space uploading various nasty objects > into kernel space and implementing silly (and limited and intrusive) hooks > there, like SElinux and the other security modules do. Then you are wrong. There's no question that this interface can provide great extensions to the current discretionary functionality provided by legacy security controls but if you actually want to mediate what tasks can do to other tasks or can do to arbitrary objects on the system this doesn't cut it. Every system call that takes or uses a structure as an argument or that uses copy_from_user (for something other than just unparsed data) is uncontrollable. This approach is great and with careful coding of userspace apps can be made very useful in constraining those apps, but a replacement for mandatory access control it is not. > This approach also has the ability to become recursive (gets inherited by child > tasks, which could add their own filters) and unprivileged - unlike LSMs. LSMs have that ability. There's nothing to prevent a module loading service to allow unpriv applications to further constrain themselves. It's just the different between DAC and MAC. You are clearly a DAC guy, and there is no question this change is great in that mindset, but you don't seem to understand either the flexibility of the LSM or the purpose of some of the modules implemented on top of the LSM. > I like this *a lot* more than any security sandboxing approach i've seen > before. I like this *a lot*. It will be a HUGE addition to the security sandboxing approaches I've seen before. -Eric
next prev parent reply other threads:[~2011-04-28 14:56 UTC|newest]
Thread overview: 406+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-28 3:08 [PATCH 2/7] tracing: split out syscall_trace_enter construction Will Drewry
2011-04-28 3:08 ` [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering Will Drewry
2011-04-28 13:50 ` Steven Rostedt
2011-04-28 15:30 ` Will Drewry
2011-04-28 16:20 ` Serge E. Hallyn
2011-04-28 16:56 ` Steven Rostedt
2011-04-28 18:02 ` Will Drewry
2011-04-28 14:29 ` Frederic Weisbecker
2011-04-28 15:15 ` Will Drewry
2011-04-28 15:57 ` Frederic Weisbecker
2011-04-28 16:05 ` Will Drewry
2011-04-28 15:12 ` Frederic Weisbecker
2011-04-28 15:20 ` Frederic Weisbecker
2011-04-28 15:29 ` Will Drewry
2011-04-28 16:13 ` Frederic Weisbecker
2011-04-28 16:48 ` Will Drewry
2011-04-28 17:36 ` Frederic Weisbecker
2011-04-28 18:21 ` Will Drewry
2011-04-28 16:28 ` Steven Rostedt
2011-04-28 16:53 ` Will Drewry
2011-04-28 16:55 ` Serge E. Hallyn
2011-04-28 17:16 ` Steven Rostedt
2011-04-28 17:39 ` Serge E. Hallyn
2011-04-28 18:01 ` Will Drewry
2011-04-28 18:21 ` Steven Rostedt
2011-04-28 18:34 ` Will Drewry
2011-04-28 18:54 ` Serge E. Hallyn
2011-04-28 19:07 ` Steven Rostedt
2011-05-12 3:02 ` [PATCH 3/5] v2 seccomp_filters: " Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 18:01 ` Kees Cook
2011-05-25 18:42 ` Linus Torvalds
2011-05-25 19:06 ` Ingo Molnar
2011-05-25 19:54 ` Will Drewry
2011-05-25 19:11 ` Kees Cook
2011-05-25 20:01 ` Linus Torvalds
2011-05-25 20:19 ` Ingo Molnar
2011-06-09 9:00 ` Sven Anders
2011-05-26 14:37 ` Colin Walters
2011-05-26 15:03 ` Linus Torvalds
2011-05-26 15:28 ` Colin Walters
2011-05-26 16:33 ` Will Drewry
2011-05-26 16:46 ` Linus Torvalds
2011-05-26 17:02 ` Will Drewry
2011-05-26 17:04 ` Will Drewry
2011-05-26 17:17 ` Linus Torvalds
2011-05-26 17:38 ` Will Drewry
2011-05-26 18:33 ` Linus Torvalds
2011-05-26 18:47 ` Ingo Molnar
2011-05-26 19:05 ` david
2011-05-26 19:09 ` Eric Paris
2011-05-26 19:46 ` Ingo Molnar
2011-05-26 19:49 ` david
2011-05-26 18:49 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 01/13] tracing: split out filter initialization and clean up Will Drewry
2011-06-01 3:10 ` [PATCH v3 02/13] tracing: split out syscall_trace_enter construction Will Drewry
2011-06-01 7:00 ` Ingo Molnar
2011-06-01 17:15 ` Will Drewry
2011-06-02 14:29 ` Ingo Molnar
2011-06-02 15:18 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 03/13] seccomp_filters: new mode with configurable syscall filters Will Drewry
2011-06-02 17:36 ` Paul E. McKenney
2011-06-02 18:14 ` Will Drewry
2011-06-02 19:42 ` Paul E. McKenney
2011-06-02 20:28 ` Will Drewry
2011-06-02 20:46 ` Steven Rostedt
2011-06-02 21:12 ` Paul E. McKenney
2011-06-01 3:10 ` [PATCH v3 04/13] seccomp_filter: add process state reporting Will Drewry
2011-06-01 3:10 ` [PATCH v3 05/13] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-06-01 21:23 ` Kees Cook
2011-06-01 23:03 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 06/13] x86: add HAVE_SECCOMP_FILTER and seccomp_execve Will Drewry
2011-06-01 3:10 ` [PATCH v3 07/13] arm: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 08/13] microblaze: select HAVE_SECCOMP_FILTER and provide seccomp_execve Will Drewry
2011-06-01 5:37 ` Michal Simek
2011-06-01 3:10 ` [PATCH v3 09/13] mips: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 10/13] s390: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 11/13] powerpc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 12/13] sparc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide David Miller
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide seccomp_execve David Miller
2011-06-01 3:10 ` [PATCH v3 13/13] sh: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-02 5:27 ` Paul Mundt
2011-06-02 5:27 ` Paul Mundt
2011-05-26 17:38 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Valdis.Kletnieks
2011-05-26 18:08 ` Will Drewry
2011-05-26 18:22 ` Valdis.Kletnieks
2011-05-26 17:07 ` Steven Rostedt
2011-05-26 18:43 ` Casey Schaufler
2011-05-26 18:54 ` Steven Rostedt
2011-05-26 18:34 ` david
2011-05-26 18:54 ` Ingo Molnar
2011-05-26 1:19 ` James Morris
2011-05-26 6:08 ` Avi Kivity
2011-05-26 8:24 ` Ingo Molnar
2011-05-26 8:35 ` Pekka Enberg
2011-05-26 8:49 ` Avi Kivity
2011-05-26 8:57 ` Pekka Enberg
[not found] ` <20110526085939.GG29458@redhat.com>
2011-05-26 10:38 ` Ingo Molnar
2011-05-26 10:46 ` Avi Kivity
2011-05-26 10:46 ` Gleb Natapov
2011-05-26 11:11 ` Ingo Molnar
2011-05-26 9:30 ` Ingo Molnar
2011-05-26 9:48 ` Ingo Molnar
2011-05-26 11:02 ` Avi Kivity
2011-05-26 11:16 ` Ingo Molnar
2011-05-26 10:56 ` Avi Kivity
2011-05-26 11:38 ` Ingo Molnar
2011-05-26 18:06 ` Avi Kivity
2011-05-26 18:15 ` Ingo Molnar
2011-05-26 18:20 ` Avi Kivity
2011-05-26 18:36 ` Ingo Molnar
2011-05-26 18:43 ` Valdis.Kletnieks
2011-05-26 18:50 ` Ingo Molnar
2011-05-26 18:22 ` Peter Zijlstra
2011-05-26 18:38 ` Ingo Molnar
2011-05-27 0:12 ` James Morris
2011-05-29 16:51 ` Aneesh Kumar K.V
2011-05-29 17:02 ` Linus Torvalds
2011-05-29 18:23 ` Al Viro
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:25 ` Kees Cook
2011-05-25 19:09 ` Ingo Molnar
2011-05-25 16:40 ` Will Drewry
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:29 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-13 12:49 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-04-28 19:06 ` [PATCH 3/7] seccomp_filter: " Steven Rostedt
2011-04-28 18:51 ` Serge E. Hallyn
2011-05-03 8:39 ` Avi Kivity
2011-04-28 3:08 ` [PATCH 4/7] seccomp_filter: add process state reporting Will Drewry
2011-04-28 3:21 ` KOSAKI Motohiro
2011-04-28 3:24 ` Will Drewry
2011-04-28 3:40 ` Al Viro
2011-04-28 3:43 ` Will Drewry
2011-04-28 22:54 ` James Morris
2011-05-02 10:08 ` Will Drewry
2011-05-12 3:04 ` [PATCH 4/5] v2 " Will Drewry
2011-04-28 3:08 ` [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-04-28 7:06 ` Ingo Molnar
2011-04-28 14:56 ` Eric Paris [this message]
2011-04-28 18:37 ` Will Drewry
2011-04-29 13:18 ` Frederic Weisbecker
2011-04-29 16:13 ` Will Drewry
2011-05-03 1:29 ` Frederic Weisbecker
2011-05-03 1:47 ` Frederic Weisbecker
2011-05-04 9:15 ` Will Drewry
2011-05-04 9:29 ` Will Drewry
2011-05-04 17:52 ` Frederic Weisbecker
2011-05-04 18:23 ` Steven Rostedt
2011-05-04 18:30 ` Frederic Weisbecker
2011-05-04 18:46 ` Steven Rostedt
2011-05-05 9:21 ` Will Drewry
2011-05-05 13:14 ` Serge E. Hallyn
2011-05-12 3:20 ` Will Drewry
2011-05-06 11:53 ` Steven Rostedt
2011-05-06 13:35 ` Eric Paris
2011-05-07 1:58 ` Will Drewry
2011-05-12 3:04 ` [PATCH 5/5] v2 " Will Drewry
2011-05-06 16:30 ` [PATCH 5/7] " Eric Paris
2011-05-07 2:11 ` Will Drewry
2011-05-04 12:16 ` Steven Rostedt
2011-05-04 15:54 ` Eric Paris
2011-05-04 16:06 ` Steven Rostedt
2011-05-04 16:22 ` Eric Paris
2011-05-04 16:39 ` Steven Rostedt
2011-05-04 18:02 ` Eric Paris
2011-05-04 17:03 ` Frederic Weisbecker
2011-05-04 17:55 ` Eric Paris
2011-04-28 17:43 ` Serge E. Hallyn
2011-04-28 15:46 ` Randy Dunlap
2011-04-28 18:23 ` Will Drewry
2011-04-28 3:08 ` [PATCH 6/7] include/linux/syscalls.h: add __ layer of macros with return types Will Drewry
2011-04-28 3:08 ` [PATCH 7/7] arch/x86: hook int returning system calls Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1304002571.2101.38.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@redhat.com \
--cc=agl@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=jmorris@namei.org \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rdunlap@xenotime.net \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tzanussi@gmail.com \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.