aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorAndrea Arcangeli <andrea@cpushare.com>2007-07-16 02:41:32 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-16 12:05:50 -0400
commit1d9d02feeee89e9132034d504c9a45eeaf618a3d (patch)
treea4324cce8acd77cace3b1d4cf3a1e61783707e5c /fs
parentbe0ef957c9eed4ebae873ee3fbcfb9dfde486dec (diff)
move seccomp from /proc to a prctl
This reduces the memory footprint and it enforces that only the current task can enable seccomp on itself (this is a requirement for a strightforward [modulo preempt ;) ] TIF_NOTSC implementation). Signed-off-by: Andrea Arcangeli <andrea@cpushare.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/proc/base.c72
1 files changed, 0 insertions, 72 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index d0921944e68c..ae3627337a92 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -67,7 +67,6 @@
67#include <linux/mount.h> 67#include <linux/mount.h>
68#include <linux/security.h> 68#include <linux/security.h>
69#include <linux/ptrace.h> 69#include <linux/ptrace.h>
70#include <linux/seccomp.h>
71#include <linux/cpuset.h> 70#include <linux/cpuset.h>
72#include <linux/audit.h> 71#include <linux/audit.h>
73#include <linux/poll.h> 72#include <linux/poll.h>
@@ -817,71 +816,6 @@ static const struct file_operations proc_loginuid_operations = {
817}; 816};
818#endif 817#endif
819 818
820#ifdef CONFIG_SECCOMP
821static ssize_t seccomp_read(struct file *file, char __user *buf,
822 size_t count, loff_t *ppos)
823{
824 struct task_struct *tsk = get_proc_task(file->f_dentry->d_inode);
825 char __buf[20];
826 size_t len;
827
828 if (!tsk)
829 return -ESRCH;
830 /* no need to print the trailing zero, so use only len */
831 len = sprintf(__buf, "%u\n", tsk->seccomp.mode);
832 put_task_struct(tsk);
833
834 return simple_read_from_buffer(buf, count, ppos, __buf, len);
835}
836
837static ssize_t seccomp_write(struct file *file, const char __user *buf,
838 size_t count, loff_t *ppos)
839{
840 struct task_struct *tsk = get_proc_task(file->f_dentry->d_inode);
841 char __buf[20], *end;
842 unsigned int seccomp_mode;
843 ssize_t result;
844
845 result = -ESRCH;
846 if (!tsk)
847 goto out_no_task;
848
849 /* can set it only once to be even more secure */
850 result = -EPERM;
851 if (unlikely(tsk->seccomp.mode))
852 goto out;
853
854 result = -EFAULT;
855 memset(__buf, 0, sizeof(__buf));
856 count = min(count, sizeof(__buf) - 1);
857 if (copy_from_user(__buf, buf, count))
858 goto out;
859
860 seccomp_mode = simple_strtoul(__buf, &end, 0);
861 if (*end == '\n')
862 end++;
863 result = -EINVAL;
864 if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) {
865 tsk->seccomp.mode = seccomp_mode;
866 set_tsk_thread_flag(tsk, TIF_SECCOMP);
867 } else
868 goto out;
869 result = -EIO;
870 if (unlikely(!(end - __buf)))
871 goto out;
872 result = end - __buf;
873out:
874 put_task_struct(tsk);
875out_no_task:
876 return result;
877}
878
879static const struct file_operations proc_seccomp_operations = {
880 .read = seccomp_read,
881 .write = seccomp_write,
882};
883#endif /* CONFIG_SECCOMP */
884
885#ifdef CONFIG_FAULT_INJECTION 819#ifdef CONFIG_FAULT_INJECTION
886static ssize_t proc_fault_inject_read(struct file * file, char __user * buf, 820static ssize_t proc_fault_inject_read(struct file * file, char __user * buf,
887 size_t count, loff_t *ppos) 821 size_t count, loff_t *ppos)
@@ -2042,9 +1976,6 @@ static const struct pid_entry tgid_base_stuff[] = {
2042 REG("numa_maps", S_IRUGO, numa_maps), 1976 REG("numa_maps", S_IRUGO, numa_maps),
2043#endif 1977#endif
2044 REG("mem", S_IRUSR|S_IWUSR, mem), 1978 REG("mem", S_IRUSR|S_IWUSR, mem),
2045#ifdef CONFIG_SECCOMP
2046 REG("seccomp", S_IRUSR|S_IWUSR, seccomp),
2047#endif
2048 LNK("cwd", cwd), 1979 LNK("cwd", cwd),
2049 LNK("root", root), 1980 LNK("root", root),
2050 LNK("exe", exe), 1981 LNK("exe", exe),
@@ -2329,9 +2260,6 @@ static const struct pid_entry tid_base_stuff[] = {
2329 REG("numa_maps", S_IRUGO, numa_maps), 2260 REG("numa_maps", S_IRUGO, numa_maps),
2330#endif 2261#endif
2331 REG("mem", S_IRUSR|S_IWUSR, mem), 2262 REG("mem", S_IRUSR|S_IWUSR, mem),
2332#ifdef CONFIG_SECCOMP
2333 REG("seccomp", S_IRUSR|S_IWUSR, seccomp),
2334#endif
2335 LNK("cwd", cwd), 2263 LNK("cwd", cwd),
2336 LNK("root", root), 2264 LNK("root", root),
2337 LNK("exe", exe), 2265 LNK("exe", exe),