| /linux-4.1.27/kernel/ |
| D | seccomp.c | 178 struct seccomp_filter *f = ACCESS_ONCE(current->seccomp.filter); in seccomp_run_filters()
212 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode()
223 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode()
271 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || in seccomp_can_sync_threads()
272 (thread->seccomp.mode == SECCOMP_MODE_FILTER && in seccomp_can_sync_threads()
273 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads()
274 caller->seccomp.filter))) in seccomp_can_sync_threads()
318 smp_store_release(&thread->seccomp.filter, in seccomp_sync_threads()
319 caller->seccomp.filter); in seccomp_sync_threads()
336 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) in seccomp_sync_threads()
[all …]
|
| D | fork.c | 355 tsk->seccomp.filter = NULL; in dup_task_struct()
1175 p->seccomp = current->seccomp; in copy_seccomp()
1190 if (p->seccomp.mode != SECCOMP_MODE_DISABLED) in copy_seccomp()
|
| D | Makefile | 74 obj-$(CONFIG_SECCOMP) += seccomp.o
|
| /linux-4.1.27/include/linux/ |
| D | seccomp.h | 25 struct seccomp { struct
51 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
60 struct seccomp { }; struct
79 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
|
| D | sched.h | 1503 struct seccomp seccomp; member
|
| /linux-4.1.27/Documentation/prctl/ |
| D | seccomp_filter.txt | 23 Additionally, BPF makes it impossible for users of seccomp to fall prey
45 An additional seccomp mode is added and is enabled using the same
46 prctl(2) call as the strict seccomp. If the architecture has
84 A seccomp filter may return any of the following values. If multiple
111 SIGSYS triggered by seccomp will have a si_code of SYS_SECCOMP.
136 The seccomp check will not be run again after the tracer is
137 notified. (This means that seccomp-based sandboxes MUST NOT
165 The samples/seccomp/ directory contains both an x86-specific example
175 architecture supports both ptrace_event and seccomp, it will be able to
176 support seccomp filter with minor fixup: SIGSYS support and seccomp return
[all …]
|
| D | no_new_privs.txt | 41 - Filters installed for the seccomp mode 2 sandbox persist across
|
| /linux-4.1.27/samples/ |
| D | Makefile | 4 hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/
|
| /linux-4.1.27/arch/microblaze/ |
| D | Kconfig | 113 bool "Enable seccomp to safely compute untrusted bytecode"
122 their own address space using seccomp. Once seccomp is
123 enabled via /proc/<pid>/seccomp, it cannot be disabled
125 defined by each seccomp mode.
|
| /linux-4.1.27/arch/parisc/ |
| D | Kconfig | 327 prompt "Enable seccomp to safely compute untrusted bytecode"
334 their own address space using seccomp. Once seccomp is
337 defined by each seccomp mode.
|
| /linux-4.1.27/arch/parisc/include/asm/ |
| D | Kbuild | 24 generic-y += seccomp.h
|
| /linux-4.1.27/arch/arm/include/asm/ |
| D | Kbuild | 24 generic-y += seccomp.h
|
| /linux-4.1.27/arch/sparc/ |
| D | Kconfig | 237 bool "Enable seccomp to safely compute untrusted bytecode"
246 their own address space using seccomp. Once seccomp is
247 enabled via /proc/<pid>/seccomp, it cannot be disabled
249 defined by each seccomp mode.
|
| /linux-4.1.27/arch/s390/ |
| D | Kconfig | 616 prompt "Enable seccomp to safely compute untrusted bytecode"
624 their own address space using seccomp. Once seccomp is
625 enabled via /proc/<pid>/seccomp, it cannot be disabled
627 defined by each seccomp mode.
|
| /linux-4.1.27/arch/sh/ |
| D | Kconfig | 652 bool "Enable seccomp to safely compute untrusted bytecode"
660 their own address space using seccomp. Once seccomp is
662 allowed to execute a few safe syscalls defined by each seccomp
|
| /linux-4.1.27/arch/arm64/ |
| D | Kconfig | 584 bool "Enable seccomp to safely compute untrusted bytecode"
591 their own address space using seccomp. Once seccomp is
594 defined by each seccomp mode.
|
| /linux-4.1.27/arch/powerpc/ |
| D | Kconfig | 682 bool "Enable seccomp to safely compute untrusted bytecode"
691 their own address space using seccomp. Once seccomp is
692 enabled via /proc/<pid>/seccomp, it cannot be disabled
694 defined by each seccomp mode.
|
| /linux-4.1.27/arch/parisc/kernel/ |
| D | syscall_table.S | 436 ENTRY_SAME(seccomp)
|
| /linux-4.1.27/arch/powerpc/include/asm/ |
| D | systbl.h | 365 SYSCALL_SPU(seccomp)
|
| /linux-4.1.27/arch/mips/kernel/ |
| D | scall64-64.S | 86 bltz v0, 2f # seccomp failed? Skip syscall
|
| D | scall64-n32.S | 78 bltz v0, 2f # seccomp failed? Skip syscall
|
| D | scall32-o32.S | 131 bltz v0, 2f # seccomp failed? Skip syscall
|
| D | scall64-o32.S | 132 bltz v0, 2f # seccomp failed? Skip syscall
|
| /linux-4.1.27/arch/s390/kernel/ |
| D | compat_wrapper.c | 217 COMPAT_SYSCALL_WRAP3(seccomp, unsigned int, op, unsigned int, flags, const char __user *, uargs)
|
| /linux-4.1.27/arch/x86/syscalls/ |
| D | syscall_64.tbl | 326 317 common seccomp sys_seccomp
|
| D | syscall_32.tbl | 363 354 i386 seccomp sys_seccomp
|
| /linux-4.1.27/Documentation/networking/ |
| D | filter.txt | 585 includes seccomp BPF, classic socket filters, cls_bpf traffic classifier,
805 its content is defined by a specific use case. For seccomp register R1 points
824 optimizations, socket filters and seccomp are using it as assembler. Tracing
1091 seccomp vs socket filters have different security restrictions for classic BPF.
1093 by seccomp verifier. In case of eBPF one configurable verifier is shared for
|
| /linux-4.1.27/fs/proc/ |
| D | array.c | 322 seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode); in task_seccomp()
|
| /linux-4.1.27/arch/mips/ |
| D | Kconfig | 2628 bool "Enable seccomp to safely compute untrusted bytecode"
2637 their own address space using seccomp. Once seccomp is
2638 enabled via /proc/<pid>/seccomp, it cannot be disabled
2640 defined by each seccomp mode.
|
| /linux-4.1.27/arch/arm/ |
| D | Kconfig | 1616 The seccomp filter system will not be available when this is
1736 prompt "Enable seccomp to safely compute untrusted bytecode"
1743 their own address space using seccomp. Once seccomp is
1746 defined by each seccomp mode.
|
| /linux-4.1.27/include/uapi/linux/ |
| D | Kbuild | 358 header-y += seccomp.h
|
| /linux-4.1.27/arch/ |
| D | Kconfig | 324 - seccomp syscall wired up
|
| /linux-4.1.27/arch/x86/ |
| D | Kconfig | 1702 prompt "Enable seccomp to safely compute untrusted bytecode"
1709 their own address space using seccomp. Once seccomp is
1712 defined by each seccomp mode.
|
| /linux-4.1.27/Documentation/filesystems/ |
| D | proc.txt | 251 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...)
|
| /linux-4.1.27/ |
| D | MAINTAINERS | 8772 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp
8774 F: kernel/seccomp.c
8775 F: include/uapi/linux/seccomp.h
8776 F: include/linux/seccomp.h
|