On Mon, Oct 29, 2012 at 7:05 PM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> On Mon, Oct 29, 2012 at 05:41:20PM -0700, Kees Cook wrote:
>> From: Will Drewry <w...@chromium.org>
>>
>> There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_TRACE
>> path in entry-common.S. In order to add support for
>> CONFIG_HAVE_ARCH_SECCOMP_FILTER without mangling the assembly too badly,
>> seccomp was moved into the syscall_trace_enter() handler.
>>
>> Additionally, the return value for secure_computing() is now checked
>> and a -1 value will result in the system call being skipped.
>
> This is too ugly. Just expand the calls of ptrace_syscall_trace() into
> both callers and do secure_computing() hookup in there. And for pity

So ad722541 didn't go far enough? It seems like it makes sense to
re-use the code in there.

> sake, would somebody rename the damn thing? It's *dripping* with
> marketdroidese...

True, but that's been its name since seccomp mode 1. We could rename
it internally, but I think that would make more sense as a separate
patch set.

-Kees

--
Kees Cook
Chrome OS Security