author | Will Drewry <wad@chromium.org> | 2012-02-09 11:28:23 -0600 |
---|---|---|
committer | Leann Ogasawara <leann.ogasawara@canonical.com> | 2012-05-21 06:46:03 -0700 |
commit | 4b38a59ff304d7d0b7a1ec8c7fe01a92a4b3ed10 (patch) | |
tree | 0b95bd3400ccca87b6e1246fc998a77b319ca555 /Documentation | |
parent | 256d26dee381643020f9cf2ec25ec3323329db2b (diff) |
UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER

Enable support for seccomp filter on x86:
- asm/tracehook.h exists
- syscall_get_arguments() works
- syscall_rollback() works
- ptrace_report_syscall() works
- secure_computing() return value is honored (see below)

This also adds support for honoring the return
value from secure_computing().

SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to
skip a system call without killing the process. This is done by
returning a non-zero (-1) value from secure_computing. This change
makes x86 respect that return value.

To ensure that minimal kernel code is exposed, a non-zero return value
results in an immediate return to user space (with an invalid syscall
number).

Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions
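
The skip-without-kill behaviour described in the commit message, seen from user space, as an added example that is not part of this commit: a child installs a filter that returns SECCOMP_RET_TRAP for getppid(), then checks that it received SIGSYS and is still running. The names `trap_skips_syscall`, `on_sigsys` and `DEMO_ARCH`, the arm64 branch, and the choice of getppid() are assumptions of the example; it needs a Linux kernel with seccomp filter support.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)   /* assumption: lets the demo build on arm64 too */
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#endif
static volatile sig_atomic_t trapped_nr = -1;   /* set by the SIGSYS handler */

/* SIGSYS handler: si_syscall names the call the filter trapped. */
static void on_sigsys(int sig, siginfo_t *si, void *uc) {
    (void)sig; (void)uc;
    trapped_nr = si->si_syscall;
}

/* Returns 1 if getppid() was trapped and the child kept running, else 0. */
int trap_skips_syscall(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),   /* unexpected ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* skip the call, raise SIGSYS */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* demo only: real policies default-deny */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {                        /* child: sandbox itself */
        if (sigaction(SIGSYS, &sa, NULL) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(2);
        syscall(SYS_getppid);              /* trapped by the filter, never executed */
        _exit(trapped_nr == SYS_getppid ? 0 : 1);   /* reaching here means not killed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) { return trap_skips_syscall() ? 0 : 1; }   /* exit 0 = trapped and survived */
```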