path: root/kernel/seccomp.c
author: Kees Cook <keescook@chromium.org> 2016-05-26 20:47:01 +0200
committer: Kees Cook <keescook@chromium.org> 2016-06-14 19:54:38 +0200
commit: 58d0a862f573c3354fa912603ef5a4db188774e7
tree: 7d7f4c5ad0c47c9353da6a4528aeaab1f4d2088d /kernel/seccomp.c
parent: security: tomoyo: simplify the gc kthread creation
seccomp: add tests for ptrace hole

One problem with seccomp was that ptrace could be used to change a syscall after seccomp filtering had completed. This was a well documented limitation, and it was recommended to block ptrace when defining a filter to avoid this problem. This can be quite a limitation for containers or other places where ptrace is desired even under seccomp filters.

This adds tests for both SECCOMP_RET_TRACE and PTRACE_SYSCALL manipulations.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>

Diffstat (limited to 'kernel/seccomp.c')
0 files changed, 0 insertions, 0 deletions