linux-kernel.vger.kernel.org archive mirror
From: Corey Bryant <coreyb@linux.vnet.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, jmorris@namei.org,
	wad@chromium.org, pmoore@redhat.com, otubo@linux.vnet.ibm.com
Subject: [PATCH 1/3] seccomp: Add SECCOMP_RET_INFO return value
Date: Tue, 18 Dec 2012 16:50:47 -0500
Message-ID: <1355867449-3209-1-git-send-email-coreyb@linux.vnet.ibm.com>

Adds a new return value to seccomp filters that causes an
informational kernel message to be printed.  The message
includes the system call number.

This can be used to learn the system calls that a process
is using.

Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
---
 include/uapi/linux/seccomp.h | 1 +
 kernel/seccomp.c             | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index ac2dc9f..0086626 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -22,6 +22,7 @@
 #define SECCOMP_RET_TRAP	0x00030000U /* disallow and force a SIGSYS */
 #define SECCOMP_RET_ERRNO	0x00050000U /* returns an errno */
 #define SECCOMP_RET_TRACE	0x7ff00000U /* pass to a tracer or disallow */
+#define SECCOMP_RET_INFO	0x7ff70000U /* print info message and allow */
 #define SECCOMP_RET_ALLOW	0x7fff0000U /* allow */
 
 /* Masks for the return value sections. */
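
Review bot: the comment on the new SECCOMP_RET_INFO define says only "print info message and allow", which leaves out where the action ranks against the others. The defines in this block are in ascending numeric order and 0x7ff70000U is placed between SECCOMP_RET_TRACE and SECCOMP_RET_ALLOW, so the comment or the seccomp filter documentation should state how INFO combines with the other actions when several filters return different values. This is a uapi header, so the value becomes ABI once merged, and the diffstat shows no documentation file touched by this patch; if a later patch in the series does not cover it, add the description here.
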
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 5af44b5..854f628 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -433,6 +433,10 @@ int __secure_computing(int this_syscall)
 				goto skip;  /* Explicit request to skip. */
 
 			return 0;
+		case SECCOMP_RET_INFO:
+			if (printk_ratelimit())
+				pr_info("seccomp: syscall=%d\n", this_syscall);
+			return 0;
 		case SECCOMP_RET_ALLOW:
 			return 0;
 		case SECCOMP_RET_KILL:
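
Review bot: in the new SECCOMP_RET_INFO case, gating the message on printk_ratelimit() means calls are dropped without any trace once the shared limit is hit, so the log cannot be relied on as the complete list of system calls that the commit message is after. The format string "seccomp: syscall=%d\n" also carries only the number: with more than one filtered task running there is no way to tell which process made the call, and a bare number is ambiguous across syscall ABIs. Consider adding the task's pid and comm and the architecture to the message, and using a dedicated or per-task ratelimit state so that one noisy task cannot suppress another's output.
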
-- 
1.7.11.7

