| /linux-4.1.27/arch/sparc/include/asm/ |
| H A D | seccomp.h | 8 #include <asm-generic/seccomp.h>
|
| /linux-4.1.27/arch/microblaze/include/asm/ |
| H A D | seccomp.h | 8 #include <asm-generic/seccomp.h>
|
| /linux-4.1.27/arch/powerpc/include/asm/ |
| H A D | seccomp.h | 8 #include <asm-generic/seccomp.h>
|
| H A D | systbl.h | 365 SYSCALL_SPU(seccomp)
|
| /linux-4.1.27/include/linux/ |
| H A D | seccomp.h | 4 #include <uapi/linux/seccomp.h>
11 #include <asm/seccomp.h>
15 * struct seccomp - the state of a seccomp'ed process
19 * @filter: must always point to a valid seccomp-filter or NULL as it is
25 struct seccomp { struct
51 static inline int seccomp_mode(struct seccomp *s) seccomp_mode()
60 struct seccomp { }; struct
79 static inline int seccomp_mode(struct seccomp *s) seccomp_mode()
|
| H A D | sched.h | 44 #include <linux/seccomp.h>
1503 struct seccomp seccomp; member in struct:task_struct
|
| /linux-4.1.27/arch/mips/include/asm/ |
| H A D | seccomp.h | 8 * The generic seccomp code currently allows only a single compat ABI. Until
27 #include <asm-generic/seccomp.h>
|
| /linux-4.1.27/arch/x86/include/asm/ |
| H A D | seccomp.h | 18 #include <asm-generic/seccomp.h>
|
| /linux-4.1.27/arch/arm64/include/asm/ |
| H A D | seccomp.h | 2 * arch/arm64/include/asm/seccomp.h
23 #include <asm-generic/seccomp.h>
|
| /linux-4.1.27/include/uapi/linux/ |
| H A D | seccomp.h | 8 /* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
9 #define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */
13 /* Valid operations for seccomp syscall. */
|
| H A D | prctl.h | 65 /* Get/set process seccomp mode */
|
| /linux-4.1.27/kernel/ |
| H A D | seccomp.c | 2 * linux/kernel/seccomp.c
20 #include <linux/seccomp.h>
37 * struct seccomp_filter - container for seccomp BPF programs
49 * with current->seccomp.filter, the most recently attached or inherited filter.
89 * seccomp_check_filter - verify seccomp filter code
171 * seccomp_run_filters - evaluates all seccomp filters against @syscall
174 * Returns valid seccomp BPF response codes.
178 struct seccomp_filter *f = ACCESS_ONCE(current->seccomp.filter); seccomp_run_filters()
212 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) seccomp_may_assign_mode()
223 task->seccomp.mode = seccomp_mode; seccomp_assign_mode()
252 * either not in the correct seccomp mode or it did not have an ancestral
253 * seccomp filter.
271 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || for_each_thread()
272 (thread->seccomp.mode == SECCOMP_MODE_FILTER && for_each_thread()
273 is_ancestor(thread->seccomp.filter, for_each_thread()
274 caller->seccomp.filter))) for_each_thread()
318 smp_store_release(&thread->seccomp.filter, for_each_thread()
319 caller->seccomp.filter); for_each_thread()
324 * a thread that sets it up, enters seccomp, for_each_thread()
331 * Opt the other thread into seccomp if needed. for_each_thread()
336 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) for_each_thread()
342 * seccomp_prepare_filter: Prepares a seccomp filter for use.
361 * Installing a seccomp filter requires that the task has seccomp_prepare_filter()
385 /* Check and rewrite the fprog for seccomp use */ seccomp_prepare_filter()
458 * @filter: seccomp filter to add to the current process
474 for (walker = current->seccomp.filter; walker; walker = walker->prev) seccomp_attach_filter()
492 filter->prev = current->seccomp.filter; seccomp_attach_filter()
493 current->seccomp.filter = filter; seccomp_attach_filter()
505 struct seccomp_filter *orig = tsk->seccomp.filter; get_seccomp_filter()
520 /* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ put_seccomp_filter()
523 struct seccomp_filter *orig = tsk->seccomp.filter; put_seccomp_filter()
592 int mode = current->seccomp.mode; secure_computing_strict()
667 * seccomp_phase1() - run fast path seccomp checks on the current syscall
691 int mode = current->seccomp.mode; seccomp_phase1()
709 * seccomp_phase2() - finish slow path seccomp work for the current syscall
752 return current->seccomp.mode; prctl_get_seccomp()
756 * seccomp_set_mode_strict: internal function for setting strict seccomp
758 * Once current->seccomp.mode is non-zero, it may not be changed.
786 * seccomp_set_mode_filter: internal function for setting seccomp filter
794 * Once current->seccomp.mode is non-zero, it may not be changed.
815 * Make sure we cannot change seccomp or nnp state via TSYNC seccomp_set_mode_filter()
866 SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags, SYSCALL_DEFINE3()
873 * prctl_set_seccomp: configures current->seccomp.mode
|
| H A D | fork.c | 39 #include <linux/seccomp.h>
350 * We must handle setting up seccomp filters once we're under dup_task_struct()
355 tsk->seccomp.filter = NULL; dup_task_struct()
1175 p->seccomp = current->seccomp; copy_seccomp()
1180 * sighand lock. The seccomp state and nnp must be in sync. copy_seccomp()
1186 * If the parent gained a seccomp mode after copying thread copy_seccomp()
1188 * to manually enable the seccomp thread flag here. copy_seccomp()
1190 if (p->seccomp.mode != SECCOMP_MODE_DISABLED) copy_seccomp()
1536 * Copy seccomp details explicitly here, in case they were changed copy_process()
|
| H A D | Makefile | 74 obj-$(CONFIG_SECCOMP) += seccomp.o
|
| H A D | sys.c | 33 #include <linux/seccomp.h>
|
| /linux-4.1.27/include/asm-generic/ |
| H A D | seccomp.h | 2 * include/asm-generic/seccomp.h
|
| /linux-4.1.27/samples/seccomp/ |
| H A D | dropper.c | 20 #include <linux/seccomp.h>
|
| H A D | bpf-fancy.c | 13 #include <linux/seccomp.h>
|
| H A D | bpf-direct.c | 21 #include <linux/seccomp.h>
|
| H A D | bpf-helper.h | 20 #include <linux/seccomp.h> /* for seccomp_data */
|
| /linux-4.1.27/arch/x86/kernel/ |
| H A D | vsyscall_64.c | 195 * Handle seccomp. regs->ip must be the original value. emulate_vsyscall()
198 * We could optimize the seccomp disabled case, but performance emulate_vsyscall()
206 "seccomp tried to change syscall nr or ip"); emulate_vsyscall()
|
| H A D | ptrace.c | 20 #include <linux/seccomp.h>
1462 * 1: go to phase 2; no seccomp phase 2 needed
1463 * anything else: go to phase 2; pass return value to seccomp
1486 * Do seccomp first -- it should minimize exposure of other syscall_trace_enter_phase1()
1487 * code, and keeping seccomp fast is probably more valuable syscall_trace_enter_phase1()
1532 return ret; /* seccomp and/or nohz only (ret == 0 here) */ syscall_trace_enter_phase1()
1572 * they can see any changes made by a seccomp tracer. syscall_trace_enter_phase2()
1575 /* seccomp failures shouldn't expose any additional code. */ syscall_trace_enter_phase2()
|
| /linux-4.1.27/arch/tile/kernel/ |
| H A D | regs_32.S | 30 * seccomp (secure computing) environments if necessary, based on
|
| H A D | regs_64.S | 30 * seccomp (secure computing) environments if necessary, based on
|
| /linux-4.1.27/arch/microblaze/kernel/ |
| H A D | ptrace.c | 34 #include <linux/seccomp.h>
|
| /linux-4.1.27/arch/arm/include/asm/ |
| H A D | thread_info.h | 154 #define TIF_SECCOMP 11 /* seccomp syscall filtering active */
|
| /linux-4.1.27/include/uapi/asm-generic/ |
| H A D | siginfo.h | 257 #define SYS_SECCOMP (__SI_SYS|1) /* seccomp triggered */
|
| /linux-4.1.27/arch/mips/kernel/ |
| H A D | scall64-n32.S | 78 bltz v0, 2f # seccomp failed? Skip syscall
|
| H A D | scall64-64.S | 86 bltz v0, 2f # seccomp failed? Skip syscall
|
| H A D | scall32-o32.S | 131 bltz v0, 2f # seccomp failed? Skip syscall
|
| H A D | scall64-o32.S | 132 bltz v0, 2f # seccomp failed? Skip syscall
|
| H A D | ptrace.c | 30 #include <linux/seccomp.h>
|
| /linux-4.1.27/arch/sh/kernel/ |
| H A D | ptrace_32.c | 24 #include <linux/seccomp.h>
|
| H A D | ptrace_64.c | 30 #include <linux/seccomp.h>
|
| /linux-4.1.27/arch/parisc/kernel/ |
| H A D | ptrace.c | 20 #include <linux/seccomp.h>
|
| H A D | syscall_table.S | 436 ENTRY_SAME(seccomp)
|
| /linux-4.1.27/fs/proc/ |
| H A D | array.c | 322 seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode); task_seccomp()
|
| /linux-4.1.27/kernel/bpf/ |
| H A D | syscall.c | 454 /* called by sockets/tracing/seccomp before attaching program to an event
|
| /linux-4.1.27/arch/s390/kernel/ |
| H A D | compat_wrapper.c | 217 COMPAT_SYSCALL_WRAP3(seccomp, unsigned int, op, unsigned int, flags, const char __user *, uargs)
|
| H A D | ptrace.c | 22 #include <linux/seccomp.h>
842 /* seccomp failures shouldn't expose any additional code. */ do_syscall_trace_enter()
|
| /linux-4.1.27/arch/sparc/kernel/ |
| H A D | ptrace_64.c | 22 #include <linux/seccomp.h>
|
| /linux-4.1.27/net/core/ |
| H A D | filter.c | 45 #include <linux/seccomp.h>
355 * for socket filters: ctx == 'struct sk_buff *', for seccomp:
|
| /linux-4.1.27/arch/arm64/kernel/ |
| H A D | ptrace.c | 30 #include <linux/seccomp.h>
|
| /linux-4.1.27/arch/powerpc/kernel/ |
| H A D | ptrace.c | 30 #include <linux/seccomp.h>
|
| /linux-4.1.27/fs/ |
| H A D | exec.c | 1243 * PTRACE_ATTACH or seccomp thread-sync
|
| /linux-4.1.27/lib/ |
| H A D | test_bpf.c | 1440 /* seccomp insn, rejected in socket filter */
|