Re: [PATCH] samples: Unrename SECCOMP_RET_KILL

2017-08-16 Thread James Morris 
On Wed, 16 Aug 2017, Kees Cook wrote:

> Since samples can still be built before header installs, avoid the
> cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next.
> 
> Cc: Stephen Rothwell 
> Signed-off-by: Kees Cook 
> ---
> Hi James, this should fix the samples build failure seen during -next
> cross compiles.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

-- 
James Morris

Re: [PATCH] samples: Unrename SECCOMP_RET_KILL

2017-08-16 Thread James Morris 
On Wed, 16 Aug 2017, Kees Cook wrote:

> Since samples can still be built before header installs, avoid the
> cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next.
> 
> Cc: Stephen Rothwell 
> Signed-off-by: Kees Cook 
> ---
> Hi James, this should fix the samples build failure seen during -next
> cross compiles.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

-- 
James Morris

[PATCH] samples: Unrename SECCOMP_RET_KILL

2017-08-16 Thread Kees Cook 
Since samples can still be built before header installs, avoid the
cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next.

Cc: Stephen Rothwell 
Signed-off-by: Kees Cook 
---
Hi James, this should fix the samples build failure seen during -next
cross compiles.
---
 samples/seccomp/bpf-direct.c | 4 ++--
 samples/seccomp/bpf-helper.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/seccomp/bpf-direct.c b/samples/seccomp/bpf-direct.c
index 235ce3c49ee9..151ec3f52189 100644
--- a/samples/seccomp/bpf-direct.c
+++ b/samples/seccomp/bpf-direct.c
@@ -129,7 +129,7 @@ static int install_filter(void)
/* Check that read is only using stdin. */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0),
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
 
/* Check that write is only using stdout */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
@@ -139,7 +139,7 @@ static int install_filter(void)
 
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP),
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
};
struct sock_fprog prog = {
.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h
index 83dbe79cbe2c..1d8de9edd858 100644
--- a/samples/seccomp/bpf-helper.h
+++ b/samples/seccomp/bpf-helper.h
@@ -44,7 +44,7 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t 
count);
 #define ALLOW \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define DENY \
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 #define JUMP(labels, label) \
BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \
 JUMP_JT, JUMP_JF)
-- 
2.7.4


-- 
Kees Cook
Pixel Security

[PATCH] samples: Unrename SECCOMP_RET_KILL

2017-08-16 Thread Kees Cook 
Since samples can still be built before header installs, avoid the
cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next.

Cc: Stephen Rothwell 
Signed-off-by: Kees Cook 
---
Hi James, this should fix the samples build failure seen during -next
cross compiles.
---
 samples/seccomp/bpf-direct.c | 4 ++--
 samples/seccomp/bpf-helper.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/seccomp/bpf-direct.c b/samples/seccomp/bpf-direct.c
index 235ce3c49ee9..151ec3f52189 100644
--- a/samples/seccomp/bpf-direct.c
+++ b/samples/seccomp/bpf-direct.c
@@ -129,7 +129,7 @@ static int install_filter(void)
/* Check that read is only using stdin. */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0),
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
 
/* Check that write is only using stdout */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)),
@@ -139,7 +139,7 @@ static int install_filter(void)
 
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP),
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD),
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
};
struct sock_fprog prog = {
.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h
index 83dbe79cbe2c..1d8de9edd858 100644
--- a/samples/seccomp/bpf-helper.h
+++ b/samples/seccomp/bpf-helper.h
@@ -44,7 +44,7 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t 
count);
 #define ALLOW \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define DENY \
-   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
+   BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 #define JUMP(labels, label) \
BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \
 JUMP_JT, JUMP_JF)
-- 
2.7.4


-- 
Kees Cook
Pixel Security