[PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: tyhicks@canonical.com (Tyler Hicks)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string
Date: Wed,  2 May 2018 15:53:18 +0000	[thread overview]
Message-ID: <1525276400-7161-3-git-send-email-tyhicks@canonical.com> (raw)
In-Reply-To: <1525276400-7161-1-git-send-email-tyhicks@canonical.com>

The function that converts a bitmask of seccomp actions that are
allowed to be logged is currently only used for constructing the display
string for the kernel.seccomp.actions_logged sysctl. That string wants a
space character to be used for the separator between actions.

A future patch will make use of the same function for building a string
that will be sent to the audit subsystem for tracking modifications to
the kernel.seccomp.actions_logged sysctl. That string will need to use a
comma as a separator. This patch allows the separator character to be
configurable to meet both needs.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
---
 kernel/seccomp.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index f4afe67..b36ac1e 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = {
 };
 
 static bool seccomp_names_from_actions_logged(char *names, size_t size,
-					      u32 actions_logged)
+					      u32 actions_logged,
+					      const char *sep)
 {
 	const struct seccomp_log_name *cur;
-	bool append_space = false;
+	bool append_sep = false;
 
 	for (cur = seccomp_log_names; cur->name && size; cur++) {
 		ssize_t ret;
@@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size,
 		if (!(actions_logged & cur->log))
 			continue;
 
-		if (append_space) {
-			ret = strscpy(names, " ", size);
+		if (append_sep) {
+			ret = strscpy(names, sep, size);
 			if (ret < 0)
 				return false;
 
 			names += ret;
 			size -= ret;
 		} else
-			append_space = true;
+			append_sep = true;
 
 		ret = strscpy(names, cur->name, size);
 		if (ret < 0)
@@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
 	memset(names, 0, sizeof(names));
 
 	if (!seccomp_names_from_actions_logged(names, sizeof(names),
-					       seccomp_actions_logged))
+					       seccomp_actions_logged, " "))
 		return -EINVAL;
 
 	table = *ro_table;
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info@ http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2018-05-02 15:53 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-02 15:53 [PATCH v2 0/4] Better integrate seccomp logging and auditing Tyler Hicks
2018-05-02 15:53 ` [PATCH v2 1/4] seccomp: Separate read and write code for actions_logged sysctl Tyler Hicks
2018-05-02 21:01   ` James Morris
2018-05-02 15:53 ` Tyler Hicks [this message]
2018-05-02 21:11   ` [PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string James Morris
2018-05-02 15:53 ` [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl Tyler Hicks
2018-05-02 18:18   ` Steve Grubb
2018-05-03 20:18     ` Paul Moore
2018-05-03 20:42       ` Steve Grubb
2018-05-03 20:48         ` Paul Moore
     [not found]           ` <d8e1c48b-70d0-13a7-e563-755a8760b25f@canonical.com>
2018-05-03 21:12             ` Steve Grubb
     [not found]               ` <e23b61ec-9400-4c40-cdb1-92d224f05967@canonical.com>
2018-05-03 23:18                 ` Steve Grubb
2018-05-02 21:17   ` James Morris
2018-05-02 15:53 ` [PATCH v2 4/4] seccomp: Don't special case audited processes when logging Tyler Hicks
2018-05-02 16:57   ` Kees Cook
2018-05-03  2:32     ` Paul Moore

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f4afe67 dfblob:b36ac1e )
 OR (
bs:"[PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1525276400-7161-3-git-send-email-tyhicks@canonical.com \
    --to=tyhicks@canonical.com \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).