diff options
author | Andrea Arcangeli <andrea@cpushare.com> | 2007-07-16 02:41:32 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-16 12:05:50 -0400 |
commit | 1d9d02feeee89e9132034d504c9a45eeaf618a3d (patch) | |
tree | a4324cce8acd77cace3b1d4cf3a1e61783707e5c /fs | |
parent | be0ef957c9eed4ebae873ee3fbcfb9dfde486dec (diff) |
move seccomp from /proc to a prctl
This reduces the memory footprint and it enforces that only the current
task can enable seccomp on itself (this is a requirement for a
strightforward [modulo preempt ;) ] TIF_NOTSC implementation).
Signed-off-by: Andrea Arcangeli <andrea@cpushare.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/proc/base.c | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index d0921944e68c..ae3627337a92 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -67,7 +67,6 @@ | |||
67 | #include <linux/mount.h> | 67 | #include <linux/mount.h> |
68 | #include <linux/security.h> | 68 | #include <linux/security.h> |
69 | #include <linux/ptrace.h> | 69 | #include <linux/ptrace.h> |
70 | #include <linux/seccomp.h> | ||
71 | #include <linux/cpuset.h> | 70 | #include <linux/cpuset.h> |
72 | #include <linux/audit.h> | 71 | #include <linux/audit.h> |
73 | #include <linux/poll.h> | 72 | #include <linux/poll.h> |
@@ -817,71 +816,6 @@ static const struct file_operations proc_loginuid_operations = { | |||
817 | }; | 816 | }; |
818 | #endif | 817 | #endif |
819 | 818 | ||
820 | #ifdef CONFIG_SECCOMP | ||
821 | static ssize_t seccomp_read(struct file *file, char __user *buf, | ||
822 | size_t count, loff_t *ppos) | ||
823 | { | ||
824 | struct task_struct *tsk = get_proc_task(file->f_dentry->d_inode); | ||
825 | char __buf[20]; | ||
826 | size_t len; | ||
827 | |||
828 | if (!tsk) | ||
829 | return -ESRCH; | ||
830 | /* no need to print the trailing zero, so use only len */ | ||
831 | len = sprintf(__buf, "%u\n", tsk->seccomp.mode); | ||
832 | put_task_struct(tsk); | ||
833 | |||
834 | return simple_read_from_buffer(buf, count, ppos, __buf, len); | ||
835 | } | ||
836 | |||
837 | static ssize_t seccomp_write(struct file *file, const char __user *buf, | ||
838 | size_t count, loff_t *ppos) | ||
839 | { | ||
840 | struct task_struct *tsk = get_proc_task(file->f_dentry->d_inode); | ||
841 | char __buf[20], *end; | ||
842 | unsigned int seccomp_mode; | ||
843 | ssize_t result; | ||
844 | |||
845 | result = -ESRCH; | ||
846 | if (!tsk) | ||
847 | goto out_no_task; | ||
848 | |||
849 | /* can set it only once to be even more secure */ | ||
850 | result = -EPERM; | ||
851 | if (unlikely(tsk->seccomp.mode)) | ||
852 | goto out; | ||
853 | |||
854 | result = -EFAULT; | ||
855 | memset(__buf, 0, sizeof(__buf)); | ||
856 | count = min(count, sizeof(__buf) - 1); | ||
857 | if (copy_from_user(__buf, buf, count)) | ||
858 | goto out; | ||
859 | |||
860 | seccomp_mode = simple_strtoul(__buf, &end, 0); | ||
861 | if (*end == '\n') | ||
862 | end++; | ||
863 | result = -EINVAL; | ||
864 | if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) { | ||
865 | tsk->seccomp.mode = seccomp_mode; | ||
866 | set_tsk_thread_flag(tsk, TIF_SECCOMP); | ||
867 | } else | ||
868 | goto out; | ||
869 | result = -EIO; | ||
870 | if (unlikely(!(end - __buf))) | ||
871 | goto out; | ||
872 | result = end - __buf; | ||
873 | out: | ||
874 | put_task_struct(tsk); | ||
875 | out_no_task: | ||
876 | return result; | ||
877 | } | ||
878 | |||
879 | static const struct file_operations proc_seccomp_operations = { | ||
880 | .read = seccomp_read, | ||
881 | .write = seccomp_write, | ||
882 | }; | ||
883 | #endif /* CONFIG_SECCOMP */ | ||
884 | |||
885 | #ifdef CONFIG_FAULT_INJECTION | 819 | #ifdef CONFIG_FAULT_INJECTION |
886 | static ssize_t proc_fault_inject_read(struct file * file, char __user * buf, | 820 | static ssize_t proc_fault_inject_read(struct file * file, char __user * buf, |
887 | size_t count, loff_t *ppos) | 821 | size_t count, loff_t *ppos) |
@@ -2042,9 +1976,6 @@ static const struct pid_entry tgid_base_stuff[] = { | |||
2042 | REG("numa_maps", S_IRUGO, numa_maps), | 1976 | REG("numa_maps", S_IRUGO, numa_maps), |
2043 | #endif | 1977 | #endif |
2044 | REG("mem", S_IRUSR|S_IWUSR, mem), | 1978 | REG("mem", S_IRUSR|S_IWUSR, mem), |
2045 | #ifdef CONFIG_SECCOMP | ||
2046 | REG("seccomp", S_IRUSR|S_IWUSR, seccomp), | ||
2047 | #endif | ||
2048 | LNK("cwd", cwd), | 1979 | LNK("cwd", cwd), |
2049 | LNK("root", root), | 1980 | LNK("root", root), |
2050 | LNK("exe", exe), | 1981 | LNK("exe", exe), |
@@ -2329,9 +2260,6 @@ static const struct pid_entry tid_base_stuff[] = { | |||
2329 | REG("numa_maps", S_IRUGO, numa_maps), | 2260 | REG("numa_maps", S_IRUGO, numa_maps), |
2330 | #endif | 2261 | #endif |
2331 | REG("mem", S_IRUSR|S_IWUSR, mem), | 2262 | REG("mem", S_IRUSR|S_IWUSR, mem), |
2332 | #ifdef CONFIG_SECCOMP | ||
2333 | REG("seccomp", S_IRUSR|S_IWUSR, seccomp), | ||
2334 | #endif | ||
2335 | LNK("cwd", cwd), | 2263 | LNK("cwd", cwd), |
2336 | LNK("root", root), | 2264 | LNK("root", root), |
2337 | LNK("exe", exe), | 2265 | LNK("exe", exe), |