diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-08-06 11:06:39 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-08-06 11:06:39 -0400 |
| commit | bb2cbf5e9367d8598fecd0c48dead69560750223 (patch) | |
| tree | fb2c620451b90f41a31726bdd82077813f941e39 /include/linux/seccomp.h | |
| parent | e7fda6c4c3c1a7d6996dd75fd84670fa0b5d448f (diff) | |
| parent | 478d085524c57cf4283699f529d5a4c22188ea69 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"In this release:
- PKCS#7 parser for the key management subsystem from David Howells
- appoint Kees Cook as seccomp maintainer
- bugfixes and general maintenance across the subsystem"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (94 commits)
X.509: Need to export x509_request_asymmetric_key()
netlabel: shorter names for the NetLabel catmap funcs/structs
netlabel: fix the catmap walking functions
netlabel: fix the horribly broken catmap functions
netlabel: fix a problem when setting bits below the previously lowest bit
PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1
tpm: simplify code by using %*phN specifier
tpm: Provide a generic means to override the chip returned timeouts
tpm: missing tpm_chip_put in tpm_get_random()
tpm: Properly clean sysfs entries in error path
tpm: Add missing tpm_do_selftest to ST33 I2C driver
PKCS#7: Use x509_request_asymmetric_key()
Revert "selinux: fix the default socket labeling in sock_graft()"
X.509: x509_request_asymmetric_keys() doesn't need string length arguments
PKCS#7: fix sparse non static symbol warning
KEYS: revert encrypted key change
ima: add support for measuring and appraising firmware
firmware_class: perform new LSM checks
security: introduce kernel_fw_from_file hook
PKCS#7: Missing inclusion of linux/err.h
...
Diffstat (limited to 'include/linux/seccomp.h')
| -rw-r--r-- | include/linux/seccomp.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 4054b0994071..5d586a45a319 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h | |||
| @@ -3,6 +3,8 @@ | |||
| 3 | 3 | ||
| 4 | #include <uapi/linux/seccomp.h> | 4 | #include <uapi/linux/seccomp.h> |
| 5 | 5 | ||
| 6 | #define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC) | ||
| 7 | |||
| 6 | #ifdef CONFIG_SECCOMP | 8 | #ifdef CONFIG_SECCOMP |
| 7 | 9 | ||
| 8 | #include <linux/thread_info.h> | 10 | #include <linux/thread_info.h> |
| @@ -14,11 +16,11 @@ struct seccomp_filter; | |||
| 14 | * | 16 | * |
| 15 | * @mode: indicates one of the valid values above for controlled | 17 | * @mode: indicates one of the valid values above for controlled |
| 16 | * system calls available to a process. | 18 | * system calls available to a process. |
| 17 | * @filter: The metadata and ruleset for determining what system calls | 19 | * @filter: must always point to a valid seccomp-filter or NULL as it is |
| 18 | * are allowed for a task. | 20 | * accessed without locking during system call entry. |
| 19 | * | 21 | * |
| 20 | * @filter must only be accessed from the context of current as there | 22 | * @filter must only be accessed from the context of current as there |
| 21 | * is no locking. | 23 | * is no read locking. |
| 22 | */ | 24 | */ |
| 23 | struct seccomp { | 25 | struct seccomp { |
| 24 | int mode; | 26 | int mode; |