From: Frederic Weisbecker <fweisbec@gmail.com>
To: Will Drewry <wad@chromium.org>
Cc: Eric Paris <eparis@redhat.com>, Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org, kees.cook@canonical.com,
agl@chromium.org, jmorris@namei.org, rostedt@goodmis.org,
Randy Dunlap <rdunlap@xenotime.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Tom Zanussi <tzanussi@gmail.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works.
Date: Wed, 4 May 2011 19:52:33 +0200 [thread overview]
Message-ID: <20110504175229.GB1804@nowhere> (raw)
In-Reply-To: <BANLkTimPFHwJfqXHShnOt7mBp84NQQNWDw@mail.gmail.com>
On Wed, May 04, 2011 at 02:15:47AM -0700, Will Drewry wrote:
> Okay - so I *think* I'm following. I really like the use of SET and
> GET to allow for further constraint based on additional argument
> restrictions instead of purely reducing the filters available. The
> only part I'm stumbling on is using APPLY on a per-filter basis. In
> my current implementation, I consider APPLY to be the global enable
> bit. Whatever filters are set become set in stone and only &&s are
> handled. I'm not sure I understand why it would make sense to do a
> per-syscall-filter apply call.
Nope it's still a global apply..
> It's certainly doable, but it will
> mean that we may be logically storing something like:
>
> __NR_foo: (a == 1 || a == 2), applied
> __NR_foo: b == 2, not applied
> __NR_foo: c == 3, not applied
>
> after
>
> SECCOMP_FILTER_SET, __NR_foo, "a == 1 || a == 2"
> SECCOMP_FILTER_APPLY
> SECCOMP_FILTER_SET, __NR_foo, "b == 2"
> SECCOMP_FILTER_SET, __NR_foo, "c == 3"
No, the c == 3 would override b == 2.
> In that case, would a call to sys_foo even be tested against the
> non-applied constraints of b==2 or c==3?
No, not as long as it's not applied.
> Or would the call to set "c
> == 3" replace the "b == 2" entry. I'm not sure I see that the benefit
> exceeds the ambiguity that might introduce.
The rationale behind it is that as long as you haven't applied your filter,
you should be able to override it.
And the simplest way to override it is to do it completely. Remove what
was there before (that wasn't applied).
You could opt for a FILTER_DROP.
Let's take that example:
SECCOMP_FILTER_SET, __NR_foo, "b == 2"
SECCOMP_FILTER_SET, __NR_foo, "c == 3"
Following your logic, we should have "b == 2 && c == 3" after that.
How are you going to remove only the c == 3 sequence?
You would need SECCOMP_FILTER_DROP, __NR_foo, "c == 3"
That said, using a string with a filter expression as an id looks a
bit odd to me. That doesn't work anymore with "((c == 3))", or "c== 3",
unless you compare against the resulting tree but that's complicated.
I mean, that works, most of the time you keep your expression
and pass it as is. But the expression should be identified by its
meaning, not by some random language layout.
That also forces you to scatter your filter representation:
SECCOMP_FILTER_SET, __NR_foo, "b == 2"
SECCOMP_FILTER_SET, __NR_foo, "c == 3"
For me this shouldn't be different than
SECCOMP_FILTER_SET, __NR_foo, "b == 2 && c == 3"
Still nobody will be able to remove a part of the above expression.
So, I'm more for having something that removes everything not applied
than just a part of the non-applied filter.
Two possibilities I see:
SECCOMP_FILTER_SET, __NR_foo, "b == 2"
SECCOMP_FILTER_SET, __NR_foo, "c == 3"
// And result is "c == 3"
Or:
SECCOMP_FILTER_SET, __NR_foo, "b == 2"
SECCOMP_FILTER_SET, __NR_foo, "c == 3"
// And result is "b == 2 && c == 3"
SECCOMP_FILTER_RESET, __NR_foo //rewind to filter "0"
SECCOMP_FILTER_SET, __NR_foo, "c == 4"
// And result is "c == 4"
How does that look?
> However, if the default
> behavior it to always extend with &&, then a consumer of the interface
> could just do:
>
> SECCOMP_FILTER_SET, __NR_prctl, "option == 2"
> SECCOMP_FILTER_SET, __NR_foo, "a == 1 || a == 2"
> SECCOMP_FILTER_SET, __NR_foo, "b == 2"
> SECCOMP_FILTER_APPLY
>
> This would yield a final filter for foo of "(a == 1 || a == 2) && b ==
> 2". The call to APPLY would initiate the enforcement of the syscall
> filtering and enforce that no new filters may be added for syscalls
> that aren't already constrained. So you could still call
>
> SECCOMP_FILTER_SET, __NR_foo, "0"
>
> which is logically "((a == 1 || a == 2) && b == 2) && 0" and would be
> interpreted as just a DROP. But you could not do,
>
> SECCOMP_FILTER_SET, __NR_foo, "0"
> SECCOMP_FILTER_SET, __NR_foo, "1"
> or
> SECCOMP_FILTER_SET, __NR_read, "1"
Why?
"((a == 1 || a == 2) && b == 2) && 0 && 1"
or
"((a == 1 || a == 2) && b == 2) && 1"
does still follow our previous constraints.
>
> (since the implicit filter for all syscalls after an APPLY call should
> be "0" and additions would just be "0 && whatever").
If the default filter is 0 after apply, setting whatever afterward is
not an issue. You'll have "0 && whatever" which still means 0, that's fine.
>
> Am I missing something? If that makes sense, then we may even be able
> to reduce the extra directives by one and get a resulting interface
> that looks something like:
>
> /* Appends (&&) a new filter string for a syscall to the current
> filter value. "0" clears the filter. */
> prctl(PR_SET_SECCOMP_FILTER, syscall_nr, filter_string);
> /* Returns the current explicit filter string for a syscall */
> prctl(PR_GET_SECCOMP_FILTER, syscall_nr, buf, buflen);
So GET is eventually optional here, as a new filter automatically
append to the previous applied one.
But if a process needs some information about current filter, this
makes sense.
> /* Transition to a secure computing mode:
> * 1 - enables traditional seccomp behavior
> * 2 - enables seccomp filter enforcement and changes the implicit
> filter for syscalls from "1" to "0"
> */
> prctl(PR_SET_SECCOMP, mode);
>
> I'll set aside the v2 of the patch that uses ADD, DROP, and APPLY and
> work up a version with this interface. Do you (or anyone else :) feel
> strongly about per-syscall APPLY?
I'm still not sure what you meant by per syscall APPLY :)
> ~~
>
> As to the use of apply_on_exec, even if you whitelist: mmap, fstat64,
> brk, uname, open, read, close, set_thread_area, mprotect, munmap, and
> access _just_ to allow a process to be exec'd, it is still a
> significant reduction in kernel attack surface. Pairing that with a
> LSM, delayed chroot, etc could fill in the gaps with respect to a
> greater sandboxing solution. I'd certainly take that tradeoff for
> running binaries that I don't control the source for :) That said,
> LD_PRELOAD, ptrace injection, and other tricks could allow for the
> injection of a very targeted filterset, but I don't think that
> invalidates the on-exec case given the brittleness relying exclusively
> on such tactics. Does that seem reasonable?
Right. But then, does a default enable_on_exec behaviour really matches your
needs? Given your description, it seems that applying it on the next
fork would work too, as a random example.
next prev parent reply other threads:[~2011-05-04 17:52 UTC|newest]
Thread overview: 406+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-28 3:08 [PATCH 2/7] tracing: split out syscall_trace_enter construction Will Drewry
2011-04-28 3:08 ` [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering Will Drewry
2011-04-28 13:50 ` Steven Rostedt
2011-04-28 15:30 ` Will Drewry
2011-04-28 16:20 ` Serge E. Hallyn
2011-04-28 16:56 ` Steven Rostedt
2011-04-28 18:02 ` Will Drewry
2011-04-28 14:29 ` Frederic Weisbecker
2011-04-28 15:15 ` Will Drewry
2011-04-28 15:57 ` Frederic Weisbecker
2011-04-28 16:05 ` Will Drewry
2011-04-28 15:12 ` Frederic Weisbecker
2011-04-28 15:20 ` Frederic Weisbecker
2011-04-28 15:29 ` Will Drewry
2011-04-28 16:13 ` Frederic Weisbecker
2011-04-28 16:48 ` Will Drewry
2011-04-28 17:36 ` Frederic Weisbecker
2011-04-28 18:21 ` Will Drewry
2011-04-28 16:28 ` Steven Rostedt
2011-04-28 16:53 ` Will Drewry
2011-04-28 16:55 ` Serge E. Hallyn
2011-04-28 17:16 ` Steven Rostedt
2011-04-28 17:39 ` Serge E. Hallyn
2011-04-28 18:01 ` Will Drewry
2011-04-28 18:21 ` Steven Rostedt
2011-04-28 18:34 ` Will Drewry
2011-04-28 18:54 ` Serge E. Hallyn
2011-04-28 19:07 ` Steven Rostedt
2011-05-12 3:02 ` [PATCH 3/5] v2 seccomp_filters: " Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 3:02 ` Will Drewry
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 7:48 ` Ingo Molnar
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 9:24 ` Kees Cook
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 10:49 ` Ingo Molnar
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 11:44 ` James Morris
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 13:01 ` Ingo Molnar
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-12 16:26 ` Will Drewry
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 12:55 ` Ingo Molnar
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-16 14:42 ` Will Drewry
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 0:18 ` James Morris
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:10 ` Ingo Molnar
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:19 ` Peter Zijlstra
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:26 ` Ingo Molnar
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:39 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:43 ` Peter Zijlstra
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 12:54 ` Ingo Molnar
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:08 ` Peter Zijlstra
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:18 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 14:57 ` Ingo Molnar
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-13 15:27 ` Peter Zijlstra
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-14 7:05 ` Ingo Molnar
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:23 ` Steven Rostedt
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 16:52 ` Ingo Molnar
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-16 17:03 ` Steven Rostedt
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 12:42 ` Ingo Molnar
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:05 ` Steven Rostedt
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-17 13:19 ` Ingo Molnar
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 4:07 ` Will Drewry
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 12:22 ` Steven Rostedt
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-19 21:05 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 15:59 ` Will Drewry
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:20 ` Peter Zijlstra
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 16:25 ` Thomas Gleixner
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:00 ` Will Drewry
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 19:54 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-24 20:10 ` Ingo Molnar
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 10:35 ` Thomas Gleixner
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 15:01 ` Ingo Molnar
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-25 17:43 ` Peter Zijlstra
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-29 20:17 ` Ingo Molnar
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 17:48 ` Thomas Gleixner
2011-05-25 18:01 ` Kees Cook
2011-05-25 18:42 ` Linus Torvalds
2011-05-25 19:06 ` Ingo Molnar
2011-05-25 19:54 ` Will Drewry
2011-05-25 19:11 ` Kees Cook
2011-05-25 20:01 ` Linus Torvalds
2011-05-25 20:19 ` Ingo Molnar
2011-06-09 9:00 ` Sven Anders
2011-05-26 14:37 ` Colin Walters
2011-05-26 15:03 ` Linus Torvalds
2011-05-26 15:28 ` Colin Walters
2011-05-26 16:33 ` Will Drewry
2011-05-26 16:46 ` Linus Torvalds
2011-05-26 17:02 ` Will Drewry
2011-05-26 17:04 ` Will Drewry
2011-05-26 17:17 ` Linus Torvalds
2011-05-26 17:38 ` Will Drewry
2011-05-26 18:33 ` Linus Torvalds
2011-05-26 18:47 ` Ingo Molnar
2011-05-26 19:05 ` david
2011-05-26 19:09 ` Eric Paris
2011-05-26 19:46 ` Ingo Molnar
2011-05-26 19:49 ` david
2011-05-26 18:49 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 01/13] tracing: split out filter initialization and clean up Will Drewry
2011-06-01 3:10 ` [PATCH v3 02/13] tracing: split out syscall_trace_enter construction Will Drewry
2011-06-01 7:00 ` Ingo Molnar
2011-06-01 17:15 ` Will Drewry
2011-06-02 14:29 ` Ingo Molnar
2011-06-02 15:18 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 03/13] seccomp_filters: new mode with configurable syscall filters Will Drewry
2011-06-02 17:36 ` Paul E. McKenney
2011-06-02 18:14 ` Will Drewry
2011-06-02 19:42 ` Paul E. McKenney
2011-06-02 20:28 ` Will Drewry
2011-06-02 20:46 ` Steven Rostedt
2011-06-02 21:12 ` Paul E. McKenney
2011-06-01 3:10 ` [PATCH v3 04/13] seccomp_filter: add process state reporting Will Drewry
2011-06-01 3:10 ` [PATCH v3 05/13] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-06-01 21:23 ` Kees Cook
2011-06-01 23:03 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 06/13] x86: add HAVE_SECCOMP_FILTER and seccomp_execve Will Drewry
2011-06-01 3:10 ` [PATCH v3 07/13] arm: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 08/13] microblaze: select HAVE_SECCOMP_FILTER and provide seccomp_execve Will Drewry
2011-06-01 5:37 ` Michal Simek
2011-06-01 3:10 ` [PATCH v3 09/13] mips: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 10/13] s390: " Will Drewry
2011-06-01 3:10 ` [PATCH v3 11/13] powerpc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:10 ` [PATCH v3 12/13] sparc: " Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide David Miller
2011-06-01 3:35 ` [PATCH v3 12/13] sparc: select HAVE_SECCOMP_FILTER and provide seccomp_execve David Miller
2011-06-01 3:10 ` [PATCH v3 13/13] sh: select HAVE_SECCOMP_FILTER Will Drewry
2011-06-01 3:10 ` Will Drewry
2011-06-02 5:27 ` Paul Mundt
2011-06-02 5:27 ` Paul Mundt
2011-05-26 17:38 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Valdis.Kletnieks
2011-05-26 18:08 ` Will Drewry
2011-05-26 18:22 ` Valdis.Kletnieks
2011-05-26 17:07 ` Steven Rostedt
2011-05-26 18:43 ` Casey Schaufler
2011-05-26 18:54 ` Steven Rostedt
2011-05-26 18:34 ` david
2011-05-26 18:54 ` Ingo Molnar
2011-05-26 1:19 ` James Morris
2011-05-26 6:08 ` Avi Kivity
2011-05-26 8:24 ` Ingo Molnar
2011-05-26 8:35 ` Pekka Enberg
2011-05-26 8:49 ` Avi Kivity
2011-05-26 8:57 ` Pekka Enberg
[not found] ` <20110526085939.GG29458@redhat.com>
2011-05-26 10:38 ` Ingo Molnar
2011-05-26 10:46 ` Avi Kivity
2011-05-26 10:46 ` Gleb Natapov
2011-05-26 11:11 ` Ingo Molnar
2011-05-26 9:30 ` Ingo Molnar
2011-05-26 9:48 ` Ingo Molnar
2011-05-26 11:02 ` Avi Kivity
2011-05-26 11:16 ` Ingo Molnar
2011-05-26 10:56 ` Avi Kivity
2011-05-26 11:38 ` Ingo Molnar
2011-05-26 18:06 ` Avi Kivity
2011-05-26 18:15 ` Ingo Molnar
2011-05-26 18:20 ` Avi Kivity
2011-05-26 18:36 ` Ingo Molnar
2011-05-26 18:43 ` Valdis.Kletnieks
2011-05-26 18:50 ` Ingo Molnar
2011-05-26 18:22 ` Peter Zijlstra
2011-05-26 18:38 ` Ingo Molnar
2011-05-27 0:12 ` James Morris
2011-05-29 16:51 ` Aneesh Kumar K.V
2011-05-29 17:02 ` Linus Torvalds
2011-05-29 18:23 ` Al Viro
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 8:43 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-26 9:15 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:08 ` Ingo Molnar
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:14 ` Steven Rostedt
2011-05-24 20:25 ` Kees Cook
2011-05-25 19:09 ` Ingo Molnar
2011-05-25 16:40 ` Will Drewry
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:17 ` Eric Paris
2011-05-13 15:29 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-13 15:29 ` David Laight
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-16 12:03 ` Ingo Molnar
2011-05-13 12:49 ` [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 12:49 ` Ingo Molnar
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 13:55 ` Peter Zijlstra
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:02 ` Ingo Molnar
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:10 ` Eric Paris
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:23 ` Peter Zijlstra
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 15:55 ` Eric Paris
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-13 16:29 ` Will Drewry
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 7:30 ` Ingo Molnar
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-14 20:57 ` Will Drewry
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 12:43 ` Ingo Molnar
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-16 15:29 ` Will Drewry
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-17 12:57 ` Ingo Molnar
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 0:36 ` James Morris
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-16 15:08 ` Ingo Molnar
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 2:24 ` James Morris
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:10 ` Ingo Molnar
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 13:29 ` James Morris
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-17 18:34 ` Ingo Molnar
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 6:27 ` Pavel Machek
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-26 8:35 ` Ingo Molnar
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 12:15 ` Frederic Weisbecker
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-12 11:33 ` James Morris
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-13 19:35 ` Arnd Bergmann
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-14 20:58 ` Will Drewry
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-15 6:42 ` Arnd Bergmann
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 12:00 ` Ingo Molnar
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:26 ` Steven Rostedt
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-05-16 15:28 ` Will Drewry
2011-04-28 19:06 ` [PATCH 3/7] seccomp_filter: " Steven Rostedt
2011-04-28 18:51 ` Serge E. Hallyn
2011-05-03 8:39 ` Avi Kivity
2011-04-28 3:08 ` [PATCH 4/7] seccomp_filter: add process state reporting Will Drewry
2011-04-28 3:21 ` KOSAKI Motohiro
2011-04-28 3:24 ` Will Drewry
2011-04-28 3:40 ` Al Viro
2011-04-28 3:43 ` Will Drewry
2011-04-28 22:54 ` James Morris
2011-05-02 10:08 ` Will Drewry
2011-05-12 3:04 ` [PATCH 4/5] v2 " Will Drewry
2011-04-28 3:08 ` [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works Will Drewry
2011-04-28 7:06 ` Ingo Molnar
2011-04-28 14:56 ` Eric Paris
2011-04-28 18:37 ` Will Drewry
2011-04-29 13:18 ` Frederic Weisbecker
2011-04-29 16:13 ` Will Drewry
2011-05-03 1:29 ` Frederic Weisbecker
2011-05-03 1:47 ` Frederic Weisbecker
2011-05-04 9:15 ` Will Drewry
2011-05-04 9:29 ` Will Drewry
2011-05-04 17:52 ` Frederic Weisbecker [this message]
2011-05-04 18:23 ` Steven Rostedt
2011-05-04 18:30 ` Frederic Weisbecker
2011-05-04 18:46 ` Steven Rostedt
2011-05-05 9:21 ` Will Drewry
2011-05-05 13:14 ` Serge E. Hallyn
2011-05-12 3:20 ` Will Drewry
2011-05-06 11:53 ` Steven Rostedt
2011-05-06 13:35 ` Eric Paris
2011-05-07 1:58 ` Will Drewry
2011-05-12 3:04 ` [PATCH 5/5] v2 " Will Drewry
2011-05-06 16:30 ` [PATCH 5/7] " Eric Paris
2011-05-07 2:11 ` Will Drewry
2011-05-04 12:16 ` Steven Rostedt
2011-05-04 15:54 ` Eric Paris
2011-05-04 16:06 ` Steven Rostedt
2011-05-04 16:22 ` Eric Paris
2011-05-04 16:39 ` Steven Rostedt
2011-05-04 18:02 ` Eric Paris
2011-05-04 17:03 ` Frederic Weisbecker
2011-05-04 17:55 ` Eric Paris
2011-04-28 17:43 ` Serge E. Hallyn
2011-04-28 15:46 ` Randy Dunlap
2011-04-28 18:23 ` Will Drewry
2011-04-28 3:08 ` [PATCH 6/7] include/linux/syscalls.h: add __ layer of macros with return types Will Drewry
2011-04-28 3:08 ` [PATCH 7/7] arch/x86: hook int returning system calls Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110504175229.GB1804@nowhere \
--to=fweisbec@gmail.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@redhat.com \
--cc=agl@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rdunlap@xenotime.net \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tzanussi@gmail.com \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.