
Bug#675615: Bug#676257: ITP: libseccomp -- High level interface to the Linux Kernel's seccomp filter



On Tue, 2012-06-05 at 14:23 -0700, Kees Cook wrote:
> Hi Ben,
> 
> On Tue, Jun 05, 2012 at 08:43:21PM +0100, Ben Hutchings wrote:
> > On Tue, 2012-06-05 at 11:07 -0700, Kees Cook wrote:
> > > Package: wnpp
> > > Severity: wishlist
> > > Owner: Kees Cook <kees@debian.org>
> > > 
> > > * Package name    : libseccomp
> > >   Version         : 0.1.0
> > >   Upstream Author : Paul Moore <pmoore@redhat.com>
> > > * URL             : https://sourceforge.net/projects/libseccomp/
> > > * License         : LGPLv2
> > >   Programming Lang: C
> > >   Description     : High level interface to the Linux Kernel's seccomp filter
> > > 
> > > This library provides a high level interface to constructing, analyzing
> > > and installing seccomp filters via a BPF passed to the Linux Kernel's
> > > prctl() syscall.
> > 
> > So are you going to help us with backporting this to Linux 3.2
> > (bug #675615) or is this supposed to be post-wheezy?
> 
> The 3.2 backport can be lifted from the Ubuntu kernel[1], but libseccomp
> can build regardless of kernel support.

Sorry, yes that's what I meant.

> I just want to make sure it gets
> into the archive in time for projects to start linking against it.
> 
> -Kees
> 
> [1] git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git
> 8f3bc80 UBUNTU: SAUCE: SECCOMP: adjust prctl constant
> 426ae7e UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations
> 5125a0c UBUNTU: SAUCE: SECCOMP: Documentation: prctl/seccomp_filter
> 9fe7d2f UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER
> f90be55 UBUNTU: SAUCE: SECCOMP: ptrace,seccomp: Add PTRACE_SECCOMP support
> d9157b0 UBUNTU: SAUCE: SECCOMP: seccomp: Add SECCOMP_RET_TRAP
> 815c5af UBUNTU: SAUCE: SECCOMP: signal, x86: add SIGSYS info and make it synchronous.
> 7ad6853 UBUNTU: SAUCE: SECCOMP: seccomp: add SECCOMP_RET_ERRNO
> f9fbf9f UBUNTU: SAUCE: SECCOMP: seccomp: remove duplicated failure logging
> 7846755 UBUNTU: SAUCE: SECCOMP: seccomp: add system call filtering using BPF
> 289c05b UBUNTU: SAUCE: SECCOMP: asm/syscall.h: add syscall_get_arch
> 177ef2e UBUNTU: SAUCE: SECCOMP: arch/x86: add syscall_get_arch to syscall.h
> a115718 UBUNTU: SAUCE: SECCOMP: seccomp: kill the seccomp_t typedef
> e35e75b UBUNTU: SAUCE: SECCOMP: net/compat.c,linux/filter.h: share compat_sock_fprog
> f60cccd UBUNTU: SAUCE: SECCOMP: sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
> 8370a7f UBUNTU: SAUCE: SECCOMP: Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS
> be4b587 UBUNTU: SAUCE: SECCOMP: Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
> 
> And then enable CONFIG_SECCOMP_FILTER for x86 arches.

Thanks.

Ben.

-- 
Ben Hutchings
It is easier to write an incorrect program than to understand a correct one.
