From: Eduardo Otubo <otubo@linux.vnet.ibm.com>
To: Will Drewry <wad@chromium.org>
Cc: linux-kernel@vger.kernel.org, keescook@chromium.org,
john.johansen@canonical.com, serge.hallyn@canonical.com,
coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com,
djm@mindrot.org, torvalds@linux-foundation.org,
segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org,
scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi,
viro@zeniv.linux.org.uk, luto@mit.edu, mingo@elte.hu,
akpm@linux-foundation.org, khilman@ti.com,
borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com,
ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de,
dhowells@redhat.com, daniel.lezcano@free.fr,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, olofj@chromium.org,
mhalcrow@google.com, dlaor@redhat.com, corbet@lwn.net,
alan@lxorguk.ukuu.org.uk, indan@nul.nu, mcgrathr@chromium.org
Subject: Re: [PATCH v6 2/3] seccomp_filters: system call filtering using BPF
Date: Tue, 31 Jan 2012 12:13:02 -0200 [thread overview]
Message-ID: <20120131141302.GA25443@bluepex.com> (raw)
In-Reply-To: <1327788715-24076-2-git-send-email-wad@chromium.org>
On Sat, Jan 28, 2012 at 04:11:54PM -0600, Will Drewry wrote:
> [This patch depends on luto@mit.edu's no_new_privs patch:
> https://lkml.org/lkml/2012/1/12/446
> ]
Will,
I know you clearly pointed to use luto@mit.edu's first no_new_privs
patch, but I couldn't avoid to test it with the latest (and 3rd) version
of the patch [0]. Which defines PR_GET_NO_NEW_PRIVS as 37 as you can see
here [1]. The compilation then would break here:
CC kernel/sys.o
kernel/sys.c: In function ‘sys_prctl’:
kernel/sys.c:1975: error: duplicate case value
kernel/sys.c:1904: error: previously used here
make[1]: *** [kernel/sys.o] Error 1
make: *** [kernel] Error 2
I just changed the value of PR_ATTACH_SECCOMP_FILTER to 38 and
everything went fine. Do you see any problems on changing this value?
Regards,
[0] - https://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=heads
[1] -
https://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=blobdiff;f=include/linux/prctl.h;h=a6b5ac9cfe560eeb277646fbe338ae2b14c46caf;hp=7ddc7f1b480fd41318d94c0a39c8e2ff80f9c5f8;hb=7102b0e278af50d27b5d61d1be5faaba1b0a091e;hpb=acb42a3b611d7ad4cb173c3b37674b549df2ffeb
--
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885
eotubo@linux.vnet.ibm.com
next prev parent reply other threads:[~2012-01-31 14:13 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-28 22:11 [PATCH v6 1/3] seccomp: kill the seccomp_t typedef Will Drewry
2012-01-28 22:11 ` [PATCH v6 2/3] seccomp_filters: system call filtering using BPF Will Drewry
2012-01-31 14:13 ` Eduardo Otubo [this message]
2012-01-31 15:20 ` Will Drewry
2012-01-31 15:20 ` Will Drewry
2012-02-02 15:32 ` Serge E. Hallyn
2012-02-03 23:14 ` Will Drewry
2012-02-03 23:14 ` Will Drewry
2012-01-28 22:11 ` [PATCH v6 3/3] Documentation: prctl/seccomp_filter Will Drewry
2012-01-30 22:47 ` Corey Bryant
2012-01-30 22:52 ` Will Drewry
2012-02-02 15:29 ` [PATCH v6 1/3] seccomp: kill the seccomp_t typedef Serge E. Hallyn
2012-02-03 23:16 ` Will Drewry
2012-02-04 1:05 ` Linus Torvalds
2012-02-04 1:05 ` Linus Torvalds
2012-02-06 16:13 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120131141302.GA25443@bluepex.com \
--to=otubo@linux.vnet.ibm.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=amwang@redhat.com \
--cc=avi@redhat.com \
--cc=borislav.petkov@amd.com \
--cc=corbet@lwn.net \
--cc=coreyb@linux.vnet.ibm.com \
--cc=daniel.lezcano@free.fr \
--cc=dhowells@redhat.com \
--cc=djm@mindrot.org \
--cc=dlaor@redhat.com \
--cc=eparis@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=gregkh@suse.de \
--cc=indan@nul.nu \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=khilman@ti.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@mit.edu \
--cc=mcgrathr@chromium.org \
--cc=mhalcrow@google.com \
--cc=mingo@elte.hu \
--cc=oleg@redhat.com \
--cc=olofj@chromium.org \
--cc=penberg@cs.helsinki.fi \
--cc=pmoore@redhat.com \
--cc=rostedt@goodmis.org \
--cc=scarybeasts@gmail.com \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.