Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

author: David Woodhouse <dwmw2@infradead.org> 2007-07-23 11:20:10 +0200
committer: David Woodhouse <dwmw2@infradead.org> 2007-07-23 11:20:10 +0200
commit: 39fe5434cb9de5da40510028b17b96bc4eb312b3 (patch)
tree: 7a02a317b9ad57da51ca99887c119e779ccf3f13 /kernel/seccomp.c
parent: [JFFS2] Add declaration of jffs2_lzo_{init,exit} to compr.h (diff)
parent: Linux 2.6.23-rc1 (diff)
download: linux-39fe5434cb9de5da40510028b17b96bc4eb312b3.tar.xz
linux-39fe5434cb9de5da40510028b17b96bc4eb312b3.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index c3391b6020e8..ad64fcb731f2 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -10,6 +10,7 @@
 #include <linux/sched.h>
 
 /* #define SECCOMP_DEBUG 1 */
+#define NR_SECCOMP_MODES 1
 
 /*
  * Secure computing mode 1 allows only read/write/exit/sigreturn.
@@ -54,3 +55,31 @@ void __secure_computing(int this_syscall)
 #endif
 	do_exit(SIGKILL);
 }
+
+long prctl_get_seccomp(void)
+{
+	return current->seccomp.mode;
+}
+
+long prctl_set_seccomp(unsigned long seccomp_mode)
+{
+	long ret;
+
+	/* can set it only once to be even more secure */
+	ret = -EPERM;
+	if (unlikely(current->seccomp.mode))
+		goto out;
+
+	ret = -EINVAL;
+	if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) {
+		current->seccomp.mode = seccomp_mode;
+		set_thread_flag(TIF_SECCOMP);
+#ifdef TIF_NOTSC
+		disable_TSC();
+#endif
+		ret = 0;
+	}
+
+ out:
+	return ret;
+}
author	David Woodhouse <dwmw2@infradead.org>	2007-07-23 11:20:10 +0200
committer	David Woodhouse <dwmw2@infradead.org>	2007-07-23 11:20:10 +0200
commit	39fe5434cb9de5da40510028b17b96bc4eb312b3 (patch)
tree	7a02a317b9ad57da51ca99887c119e779ccf3f13 /kernel/seccomp.c
parent	[JFFS2] Add declaration of jffs2_lzo_{init,exit} to compr.h (diff)
parent	Linux 2.6.23-rc1 (diff)
download	linux-39fe5434cb9de5da40510028b17b96bc4eb312b3.tar.xz linux-39fe5434cb9de5da40510028b17b96bc4eb312b3.zip