
Searched refs:seccomp (Results 1 – 41 of 41) sorted by relevance

/linux-4.4.14/kernel/
seccomp.c
182 lockless_dereference(current->seccomp.filter); in seccomp_run_filters()
211 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode()
222 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode()
270 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || in seccomp_can_sync_threads()
271 (thread->seccomp.mode == SECCOMP_MODE_FILTER && in seccomp_can_sync_threads()
272 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads()
273 caller->seccomp.filter))) in seccomp_can_sync_threads()
317 smp_store_release(&thread->seccomp.filter, in seccomp_sync_threads()
318 caller->seccomp.filter); in seccomp_sync_threads()
335 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) in seccomp_sync_threads()
[all …]
Makefile
76 obj-$(CONFIG_SECCOMP) += seccomp.o
fork.c
361 tsk->seccomp.filter = NULL; in dup_task_struct()
1179 p->seccomp = current->seccomp; in copy_seccomp()
1194 if (p->seccomp.mode != SECCOMP_MODE_DISABLED) in copy_seccomp()
ptrace.c
590 if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED || in ptrace_setoptions()
/linux-4.4.14/include/linux/
seccomp.h
25 struct seccomp { struct
51 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
60 struct seccomp { }; struct
79 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
sched.h
1586 struct seccomp seccomp; member
/linux-4.4.14/Documentation/features/seccomp/seccomp-filter/
arch-support.txt
2 # Feature name: seccomp-filter
4 # description: arch supports seccomp filters
/linux-4.4.14/Documentation/prctl/
seccomp_filter.txt
23 Additionally, BPF makes it impossible for users of seccomp to fall prey
45 An additional seccomp mode is added and is enabled using the same
46 prctl(2) call as the strict seccomp. If the architecture has
84 A seccomp filter may return any of the following values. If multiple
111 SIGSYS triggered by seccomp will have a si_code of SYS_SECCOMP.
136 The seccomp check will not be run again after the tracer is
137 notified. (This means that seccomp-based sandboxes MUST NOT
165 The samples/seccomp/ directory contains both an x86-specific example
175 architecture supports both ptrace_event and seccomp, it will be able to
176 support seccomp filter with minor fixup: SIGSYS support and seccomp return
[all …]
no_new_privs.txt
41 - Filters installed for the seccomp mode 2 sandbox persist across
/linux-4.4.14/tools/testing/selftests/seccomp/
seccomp_bpf.c
1483 #ifndef seccomp
1484 int seccomp(unsigned int op, unsigned int flags, struct sock_fprog *filter) in seccomp() function
1508 ret = seccomp(-1, 0, &prog); in TEST()
1517 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST()
1521 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); in TEST()
1527 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); in TEST()
1531 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); in TEST()
1536 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST()
1559 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST()
1573 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL); in TEST()
[all …]
/linux-4.4.14/samples/
Makefile
4 hw_breakpoint/ kfifo/ kdb/ hidraw/ rpmsg/ seccomp/ \
/linux-4.4.14/arch/microblaze/
Kconfig
113 bool "Enable seccomp to safely compute untrusted bytecode"
122 their own address space using seccomp. Once seccomp is
123 enabled via /proc/<pid>/seccomp, it cannot be disabled
125 defined by each seccomp mode.
/linux-4.4.14/arch/parisc/
Kconfig
330 prompt "Enable seccomp to safely compute untrusted bytecode"
337 their own address space using seccomp. Once seccomp is
340 defined by each seccomp mode.
/linux-4.4.14/arch/parisc/include/asm/
Kbuild
24 generic-y += seccomp.h
/linux-4.4.14/arch/arm/include/asm/
Kbuild
24 generic-y += seccomp.h
/linux-4.4.14/arch/tile/include/asm/
Kbuild
31 generic-y += seccomp.h
/linux-4.4.14/tools/testing/selftests/
Makefile
19 TARGETS += seccomp
/linux-4.4.14/arch/sparc/
Kconfig
237 bool "Enable seccomp to safely compute untrusted bytecode"
246 their own address space using seccomp. Once seccomp is
247 enabled via /proc/<pid>/seccomp, it cannot be disabled
249 defined by each seccomp mode.
/linux-4.4.14/arch/tile/
Kconfig
226 bool "Enable seccomp to safely compute untrusted bytecode"
234 their own address space using seccomp. Once seccomp is
236 allowed to execute a few safe syscalls defined by each seccomp
/linux-4.4.14/arch/s390/
Kconfig
695 prompt "Enable seccomp to safely compute untrusted bytecode"
703 their own address space using seccomp. Once seccomp is
704 enabled via /proc/<pid>/seccomp, it cannot be disabled
706 defined by each seccomp mode.
/linux-4.4.14/arch/sh/
Kconfig
653 bool "Enable seccomp to safely compute untrusted bytecode"
661 their own address space using seccomp. Once seccomp is
663 allowed to execute a few safe syscalls defined by each seccomp
/linux-4.4.14/arch/powerpc/
Kconfig
685 bool "Enable seccomp to safely compute untrusted bytecode"
694 their own address space using seccomp. Once seccomp is
695 enabled via /proc/<pid>/seccomp, it cannot be disabled
697 defined by each seccomp mode.
/linux-4.4.14/arch/arm64/
Kconfig
547 bool "Enable seccomp to safely compute untrusted bytecode"
554 their own address space using seccomp. Once seccomp is
557 defined by each seccomp mode.
/linux-4.4.14/arch/parisc/kernel/
syscall_table.S
436 ENTRY_SAME(seccomp)
/linux-4.4.14/arch/mips/kernel/
scall64-n32.S
79 bltz v0, 1f # seccomp failed? Skip syscall
scall64-64.S
90 bltz v0, 1f # seccomp failed? Skip syscall
scall64-o32.S
134 bltz v0, 1f # seccomp failed? Skip syscall
scall32-o32.S
134 bltz v0, 1f # seccomp failed? Skip syscall
/linux-4.4.14/arch/powerpc/include/asm/
systbl.h
365 SYSCALL_SPU(seccomp)
/linux-4.4.14/arch/s390/kernel/
compat_wrapper.c
166 COMPAT_SYSCALL_WRAP3(seccomp, unsigned int, op, unsigned int, flags, const char __user *, uargs)
/linux-4.4.14/arch/x86/entry/syscalls/
syscall_64.tbl
326 317 common seccomp sys_seccomp
syscall_32.tbl
363 354 i386 seccomp sys_seccomp
/linux-4.4.14/Documentation/networking/
filter.txt
585 includes seccomp BPF, classic socket filters, cls_bpf traffic classifier,
805 its content is defined by a specific use case. For seccomp register R1 points
824 optimizations, socket filters and seccomp are using it as assembler. Tracing
1091 seccomp vs socket filters have different security restrictions for classic BPF.
1093 by seccomp verifier. In case of eBPF one configurable verifier is shared for
/linux-4.4.14/fs/proc/
array.c
333 seq_printf(m, "Seccomp:\t%d\n", p->seccomp.mode); in task_seccomp()
/linux-4.4.14/arch/arm/
Kconfig
1633 The seccomp filter system will not be available when this is
1785 prompt "Enable seccomp to safely compute untrusted bytecode"
1792 their own address space using seccomp. Once seccomp is
1795 defined by each seccomp mode.
/linux-4.4.14/arch/mips/
Kconfig
2683 bool "Enable seccomp to safely compute untrusted bytecode"
2692 their own address space using seccomp. Once seccomp is
2693 enabled via /proc/<pid>/seccomp, it cannot be disabled
2695 defined by each seccomp mode.
/linux-4.4.14/include/uapi/linux/
Kbuild
366 header-y += seccomp.h
/linux-4.4.14/arch/
Kconfig
336 - seccomp syscall wired up
/linux-4.4.14/arch/x86/
Kconfig
1726 prompt "Enable seccomp to safely compute untrusted bytecode"
1733 their own address space using seccomp. Once seccomp is
1736 defined by each seccomp mode.
/linux-4.4.14/Documentation/filesystems/
proc.txt
254 Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ...)
/linux-4.4.14/
MAINTAINERS
9511 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp
9513 F: kernel/seccomp.c
9514 F: include/uapi/linux/seccomp.h
9515 F: include/linux/seccomp.h
9516 F: tools/testing/selftests/seccomp/*