From: James Morris <james.l.morris@oracle.com>
To: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Alexei Starovoitov <ast@plumgrid.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Daniel Borkmann <dborkman@redhat.com>,
Will Drewry <wad@chromium.org>, Julien Tinnes <jln@chromium.org>,
David Drysdale <drysdale@google.com>,
Linux API <linux-api@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
linux-mips@linux-mips.org,
linux-arch <linux-arch@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v10 0/11] seccomp: add thread sync ability
Date: Tue, 15 Jul 2014 11:53:10 +1000 [thread overview]
Message-ID: <53C48986.5010109@oracle.com> (raw)
In-Reply-To: <CAGXu5jJJsiTxxn5UijkBz7jpWgqg01BS=Zc0WbHXbs0vH_xPMQ@mail.gmail.com>
On 07/15/2014 04:59 AM, Kees Cook wrote:
> Hi James,
>
> Is this series something you would carry in the security-next tree?
> That has traditionally been where seccomp features have landed in the
> past.
>
> -Kees
>
>
> On Fri, Jul 11, 2014 at 10:55 AM, Kees Cook <keescook@chromium.org> wrote:
>> On Fri, Jul 11, 2014 at 9:49 AM, Oleg Nesterov <oleg@redhat.com> wrote:
>>> On 07/10, Kees Cook wrote:
>>>>
>>>> This adds the ability for threads to request seccomp filter
>>>> synchronization across their thread group (at filter attach time).
>>>> For example, for Chrome to make sure graphic driver threads are fully
>>>> confined after seccomp filters have been attached.
>>>>
>>>> To support this, locking on seccomp changes via thread-group-shared
>>>> sighand lock is introduced, along with refactoring of no_new_privs. Races
>>>> with thread creation are handled via delayed duplication of the seccomp
>>>> task struct field and cred_guard_mutex.
>>>>
>>>> This includes a new syscall (instead of adding a new prctl option),
>>>> as suggested by Andy Lutomirski and Michael Kerrisk.
>>>
>>> I do not not see any problems in this version,
>>
>> Awesome! Thank you for all the reviews. :) If Andy and Michael are
>> happy with this too, I think this is in good shape. \o/
>>
>> -Kees
>>
>>>
>>> Reviewed-by: Oleg Nesterov <oleg@redhat.com>
>>>
>>
>>
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>
Yep, certainly.
WARNING: multiple messages have this Message-ID (diff)
From: james.l.morris@oracle.com (James Morris)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v10 0/11] seccomp: add thread sync ability
Date: Tue, 15 Jul 2014 11:53:10 +1000 [thread overview]
Message-ID: <53C48986.5010109@oracle.com> (raw)
In-Reply-To: <CAGXu5jJJsiTxxn5UijkBz7jpWgqg01BS=Zc0WbHXbs0vH_xPMQ@mail.gmail.com>
On 07/15/2014 04:59 AM, Kees Cook wrote:
> Hi James,
>
> Is this series something you would carry in the security-next tree?
> That has traditionally been where seccomp features have landed in the
> past.
>
> -Kees
>
>
> On Fri, Jul 11, 2014 at 10:55 AM, Kees Cook <keescook@chromium.org> wrote:
>> On Fri, Jul 11, 2014 at 9:49 AM, Oleg Nesterov <oleg@redhat.com> wrote:
>>> On 07/10, Kees Cook wrote:
>>>>
>>>> This adds the ability for threads to request seccomp filter
>>>> synchronization across their thread group (at filter attach time).
>>>> For example, for Chrome to make sure graphic driver threads are fully
>>>> confined after seccomp filters have been attached.
>>>>
>>>> To support this, locking on seccomp changes via thread-group-shared
>>>> sighand lock is introduced, along with refactoring of no_new_privs. Races
>>>> with thread creation are handled via delayed duplication of the seccomp
>>>> task struct field and cred_guard_mutex.
>>>>
>>>> This includes a new syscall (instead of adding a new prctl option),
>>>> as suggested by Andy Lutomirski and Michael Kerrisk.
>>>
>>> I do not not see any problems in this version,
>>
>> Awesome! Thank you for all the reviews. :) If Andy and Michael are
>> happy with this too, I think this is in good shape. \o/
>>
>> -Kees
>>
>>>
>>> Reviewed-by: Oleg Nesterov <oleg@redhat.com>
>>>
>>
>>
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>
Yep, certainly.
next prev parent reply other threads:[~2014-07-15 1:53 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-10 18:40 [PATCH v10 0/11] seccomp: add thread sync ability Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 01/11] seccomp: create internal mode-setting function Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 02/11] seccomp: extract check/assign mode helpers Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 03/11] seccomp: split mode setting routines Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 04/11] seccomp: add "seccomp" syscall Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 05/11] ARM: add seccomp syscall Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 06/11] MIPS: " Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 07/11] sched: move no_new_privs into new atomic flags Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 08/11] seccomp: split filter prep from check and apply Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 09/11] seccomp: introduce writer locking Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 10/11] seccomp: allow mode setting across threads Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-10 18:40 ` [PATCH v10 11/11] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC Kees Cook
2014-07-10 18:40 ` Kees Cook
2014-07-11 16:49 ` [PATCH v10 0/11] seccomp: add thread sync ability Oleg Nesterov
2014-07-11 16:49 ` Oleg Nesterov
2014-07-11 17:55 ` Kees Cook
2014-07-11 17:55 ` Kees Cook
[not found] ` <CAGXu5jK-x0=Rr7kX2a=b4Z8ueA77uwmhNZZAayG8cwmNOKa8Ug-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-14 18:59 ` Kees Cook
2014-07-14 18:59 ` Kees Cook
2014-07-14 18:59 ` Kees Cook
2014-07-15 1:53 ` James Morris [this message]
2014-07-15 1:53 ` James Morris
[not found] ` <53C48986.5010109-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2014-07-17 21:39 ` Andy Lutomirski
2014-07-17 21:39 ` Andy Lutomirski
2014-07-17 21:39 ` Andy Lutomirski
2014-07-14 19:04 ` Andy Lutomirski
2014-07-14 19:04 ` Andy Lutomirski
2014-07-14 19:04 ` Andy Lutomirski
[not found] ` <CALCETrVXgA9a2f7VwnCYW4_XB+JAPRSR8xsuH_ZYbA82=ZozRw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-14 20:34 ` Kees Cook
2014-07-14 20:34 ` Kees Cook
2014-07-14 20:34 ` Kees Cook
2014-07-16 17:54 ` Kees Cook
2014-07-16 17:54 ` Kees Cook
2014-07-16 19:45 ` Andy Lutomirski
2014-07-16 19:45 ` Andy Lutomirski
2014-07-16 21:23 ` Kees Cook
2014-07-16 21:23 ` Kees Cook
2014-07-16 21:27 ` Andy Lutomirski
2014-07-16 21:27 ` Andy Lutomirski
2014-07-16 16:44 ` James Morris
2014-07-16 16:44 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53C48986.5010109@oracle.com \
--to=james.l.morris@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=ast@plumgrid.com \
--cc=dborkman@redhat.com \
--cc=drysdale@google.com \
--cc=jln@chromium.org \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=oleg@redhat.com \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.