* [PATCH] proc: add "Seccomp" to status
@ 2012-10-31 20:09 Kees Cook
2012-10-31 20:21 ` Cyrill Gorcunov
2012-11-01 0:11 ` Andrew Morton
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2012-10-31 20:09 UTC (permalink / raw)
To: linux-kernel
Cc: Andrew Morton, Will Drewry, Kees Cook, Serge Hallyn,
Cyrill Gorcunov, KAMEZAWA Hiroyuki
Adds the seccomp mode to the /proc/$pid/status file so the state of
seccomp can be externally examined.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
fs/proc/array.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index c1c207c..135d6ac 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -327,6 +327,13 @@ static inline void task_cap(struct seq_file *m, struct task_struct *p)
render_cap_t(m, "CapBnd:\t", &cap_bset);
}
+static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
+{
+#ifdef CONFIG_SECCOMP
+ seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode);
+#endif
+}
+
static inline void task_context_switch_counts(struct seq_file *m,
struct task_struct *p)
{
@@ -360,6 +367,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
}
task_sig(m, task);
task_cap(m, task);
+ task_seccomp(m, task);
task_cpus_allowed(m, task);
cpuset_task_status_allowed(m, task);
task_context_switch_counts(m, task);
--
1.7.9.5
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] proc: add "Seccomp" to status
2012-10-31 20:09 [PATCH] proc: add "Seccomp" to status Kees Cook
@ 2012-10-31 20:21 ` Cyrill Gorcunov
2012-11-01 0:11 ` Andrew Morton
1 sibling, 0 replies; 3+ messages in thread
From: Cyrill Gorcunov @ 2012-10-31 20:21 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Andrew Morton, Will Drewry, Serge Hallyn,
KAMEZAWA Hiroyuki, Pavel Emelyanov
On Wed, Oct 31, 2012 at 01:09:27PM -0700, Kees Cook wrote:
> Adds the seccomp mode to the /proc/$pid/status file so the state of
> seccomp can be externally examined.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] proc: add "Seccomp" to status
2012-10-31 20:09 [PATCH] proc: add "Seccomp" to status Kees Cook
2012-10-31 20:21 ` Cyrill Gorcunov
@ 2012-11-01 0:11 ` Andrew Morton
1 sibling, 0 replies; 3+ messages in thread
From: Andrew Morton @ 2012-11-01 0:11 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Will Drewry, Serge Hallyn, Cyrill Gorcunov,
KAMEZAWA Hiroyuki
On Wed, 31 Oct 2012 13:09:27 -0700
Kees Cook <keescook@chromium.org> wrote:
> Adds the seccomp mode to the /proc/$pid/status file so the state of
> seccomp can be externally examined.
There's no reason here for anyone to apply this patch to anything.
Presumably you see some value to our users - please share your thoughts
with us ;)
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -327,6 +327,13 @@ static inline void task_cap(struct seq_file *m, struct task_struct *p)
> render_cap_t(m, "CapBnd:\t", &cap_bset);
> }
>
> +static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
> +{
> +#ifdef CONFIG_SECCOMP
hm, OK, cpuset_task_status_allowed() is a no-op if CONFIG_CPUSETS=n, so
there is precedent for fields vanishing with Kconfig changes.
> + seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode);
Get thee yon unto Documentation/filesystems/proc.txt!
> +#endif
> +}
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-11-01 0:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-31 20:09 [PATCH] proc: add "Seccomp" to status Kees Cook
2012-10-31 20:21 ` Cyrill Gorcunov
2012-11-01 0:11 ` Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox