Re: [PATCH] samples: Unrename SECCOMP_RET_KILL
On Wed, 16 Aug 2017, Kees Cook wrote: > Since samples can still be built before header installs, avoid the > cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next. > > Cc: Stephen Rothwell> Signed-off-by: Kees Cook > --- > Hi James, this should fix the samples build failure seen during -next > cross compiles. Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris
Re: [PATCH] samples: Unrename SECCOMP_RET_KILL
On Wed, 16 Aug 2017, Kees Cook wrote: > Since samples can still be built before header installs, avoid the > cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next. > > Cc: Stephen Rothwell > Signed-off-by: Kees Cook > --- > Hi James, this should fix the samples build failure seen during -next > cross compiles. Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris
[PATCH] samples: Unrename SECCOMP_RET_KILL
Since samples can still be built before header installs, avoid the cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next. Cc: Stephen RothwellSigned-off-by: Kees Cook --- Hi James, this should fix the samples build failure seen during -next cross compiles. --- samples/seccomp/bpf-direct.c | 4 ++-- samples/seccomp/bpf-helper.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/samples/seccomp/bpf-direct.c b/samples/seccomp/bpf-direct.c index 235ce3c49ee9..151ec3f52189 100644 --- a/samples/seccomp/bpf-direct.c +++ b/samples/seccomp/bpf-direct.c @@ -129,7 +129,7 @@ static int install_filter(void) /* Check that read is only using stdin. */ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), /* Check that write is only using stdout */ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), @@ -139,7 +139,7 @@ static int install_filter(void) BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), }; struct sock_fprog prog = { .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h index 83dbe79cbe2c..1d8de9edd858 100644 --- a/samples/seccomp/bpf-helper.h +++ b/samples/seccomp/bpf-helper.h @@ -44,7 +44,7 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t count); #define ALLOW \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define DENY \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD) + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) #define JUMP(labels, label) \ BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \ JUMP_JT, JUMP_JF) -- 2.7.4 -- Kees Cook Pixel Security
[PATCH] samples: Unrename SECCOMP_RET_KILL
Since samples can still be built before header installs, avoid the cosmetic renaming of SECCOMP_RET_KILL to avoid build failures in -next. Cc: Stephen Rothwell Signed-off-by: Kees Cook --- Hi James, this should fix the samples build failure seen during -next cross compiles. --- samples/seccomp/bpf-direct.c | 4 ++-- samples/seccomp/bpf-helper.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/samples/seccomp/bpf-direct.c b/samples/seccomp/bpf-direct.c index 235ce3c49ee9..151ec3f52189 100644 --- a/samples/seccomp/bpf-direct.c +++ b/samples/seccomp/bpf-direct.c @@ -129,7 +129,7 @@ static int install_filter(void) /* Check that read is only using stdin. */ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), /* Check that write is only using stdout */ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), @@ -139,7 +139,7 @@ static int install_filter(void) BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD), + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), }; struct sock_fprog prog = { .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), diff --git a/samples/seccomp/bpf-helper.h b/samples/seccomp/bpf-helper.h index 83dbe79cbe2c..1d8de9edd858 100644 --- a/samples/seccomp/bpf-helper.h +++ b/samples/seccomp/bpf-helper.h @@ -44,7 +44,7 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t count); #define ALLOW \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define DENY \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD) + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) #define JUMP(labels, label) \ BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \ JUMP_JT, JUMP_JF) -- 2.7.4 -- Kees Cook Pixel Security