AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-27 19:00:37 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
2f4b3bf6b2
linux_dsm_epyc7002/Documentation/filesystems
History
Kees Cook 2f4b3bf6b2 /proc/pid/status: add "Seccomp" field 
It is currently impossible to examine the state of seccomp for a given
process.  While attaching with gdb and attempting "call
prctl(PR_GET_SECCOMP,...)" will work with some situations, it is not
reliable.  If the process is in seccomp mode 1, this query will kill the
process (prctl not allowed), if the process is in mode 2 with prctl not
allowed, it will similarly be killed, and in weird cases, if prctl is
filtered to return errno 0, it can look like seccomp is disabled.

When reviewing the state of running processes, there should be a way to
externally examine the seccomp mode.  ("Did this build of Chrome end up
using seccomp?" "Did my distro ship ssh with seccomp enabled?")

This adds the "Seccomp" line to /proc/$pid/status.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: James Morris <jmorris@namei.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-12-17 17:15:22 -08:00
..
caching
configfs
nfs Merge branch 'for-3.7' of git://linux-nfs.org/~bfields/linux 2012-10-13 10:53:54 +09:00
pohmelfs Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
9p.txt
00-INDEX efivarfs: Add documentation for the EFI variable filesystem 2012-10-30 10:39:18 +00:00
adfs.txt
affs.txt
afs.txt
autofs4-mount-control.txt
automount-support.txt
befs.txt
bfs.txt
btrfs.txt
ceph.txt ceph: enable/disable dentry complete flags via mount option 2012-01-12 11:00:40 -08:00
cifs.txt
coda.txt
cramfs.txt
debugfs.txt debugfs: more tightly restrict default mount mode 2012-08-27 13:42:02 -07:00
devpts.txt
directory-locking
dlmfs.txt
dnotify_test.c
dnotify.txt
ecryptfs.txt
efivarfs.txt efivarfs: Add documentation for the EFI variable filesystem 2012-10-30 10:39:18 +00:00
exofs.txt
ext2.txt
ext3.txt ext3: update documentation with barrier=1 default 2012-04-11 11:12:45 +02:00
ext4.txt ext4: Remove CONFIG_EXT4_FS_XATTR 2012-12-10 16:30:43 -05:00
fiemap.txt
files.txt Wrap accesses to the fd_sets in struct fdtable 2012-02-19 10:30:52 -08:00
fuse.txt
gfs2-glocks.txt GFS2: Update glock doc to add new stats info 2012-05-10 12:41:40 +01:00
gfs2-uevents.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
gfs2.txt GFS2: Update main gfs2 doc 2012-05-10 11:45:31 +01:00
hfs.txt
hfsplus.txt
hpfs.txt
inotify.txt
isofs.txt
jfs.txt jfs: Remove obsolete email address 2012-09-17 12:00:01 -05:00
Locking Documentation: get rid of write_super 2012-08-04 01:25:20 +04:00
locks.txt
logfs.txt
Makefile
mandatory-locking.txt
ncpfs.txt
nilfs2.txt
ntfs.txt
ocfs2.txt
omfs.txt
path-lookup.txt
porting Documentation: get rid of write_super 2012-08-04 01:25:20 +04:00
proc.txt /proc/pid/status: add "Seccomp" field 2012-12-17 17:15:22 -08:00
qnx6.txt Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
quota.txt
ramfs-rootfs-initramfs.txt Documentation: Fix Broken URL "freshmeat" 2012-02-21 11:43:45 +01:00
relay.txt
romfs.txt
seq_file.txt
sharedsubtree.txt
spufs.txt
squashfs.txt
sysfs-pci.txt
sysfs-tagging.txt
sysfs.txt
sysv-fs.txt
tmpfs.txt
ubifs.txt
udf.txt
ufs.txt
vfat.txt fat: provide option for setting timezone offset 2012-12-17 17:15:22 -08:00
vfs.txt Documentation: get rid of write_super 2012-08-04 01:25:20 +04:00
xfs-delayed-logging-design.txt
xfs.txt xfs: Remove the description of nodelaylog mount option from xfs.txt 2012-11-26 16:00:51 -06:00
xip.txt