Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filt

To:	Will Drewry <wad@chromium.org>
Subject:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
From:	James Morris <jmorris@namei.org>
Date:	Thu, 12 May 2011 21:33:27 +1000 (EST)
Cc:	linux-kernel@vger.kernel.org, Steven Rostedt <rostedt@goodmis.org>, Frederic Weisbecker <fweisbec@gmail.com>, Eric Paris <eparis@redhat.com>, Ingo Molnar <mingo@elte.hu>, kees.cook@canonical.com, agl@chromium.org, Peter Zijlstra <a.p.zijlstra@chello.nl>, "Serge E. Hallyn" <serge@hallyn.com>, Ingo Molnar <mingo@redhat.com>, Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org>, Michal Marek <mmarek@suse.cz>, Oleg Nesterov <oleg@redhat.com>, Roland McGrath <roland@redhat.com>, Jiri Slaby <jslaby@suse.cz>, David Howells <dhowells@redhat.com>, Russell King <linux@arm.linux.org.uk>, Michal Simek <monstr@monstr.eu>, Ralf Baechle <ralf@linux-mips.org>, Benjamin Herrenschmidt <benh@kernel.crashing.org>, Paul Mackerras <paulus@samba.org>, Martin Schwidefsky <schwidefsky@de.ibm.com>, Heiko Carstens <heiko.carstens@de.ibm.com>, linux390@de.ibm.com, Paul Mundt <lethal@linux-sh.org>, "David S. Miller" <davem@davemloft.net>, Thomas Gleixner <tglx@linutronix.de>, "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org, Peter Zijlstra <peterz@infradead.org>, linux-arm-kernel@lists.infradead.org, microblaze-uclinux@itee.uq.edu.au, linux-mips@linux-mips.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org
In-reply-to:	<1305169376-2363-1-git-send-email-wad@chromium.org>
Original-recipient:	rfc822;linux-mips@linux-mips.org
References:	<1304017638.18763.205.camel@gandalf.stny.rr.com> <1305169376-2363-1-git-send-email-wad@chromium.org>
Sender:	linux-mips-bounce@linux-mips.org
User-agent:	Alpine 2.00 (LRH 1167 2008-08-23)

On Wed, 11 May 2011, Will Drewry wrote:

> +void seccomp_filter_log_failure(int syscall)
> +{
> +     printk(KERN_INFO
> +             "%s[%d]: system call %d (%s) blocked at ip:%lx\n",
> +             current->comm, task_pid_nr(current), syscall,
> +             syscall_nr_to_name(syscall), KSTK_EIP(current));
> +}

I think it'd be a good idea to utilize the audit facility here.


- James
-- 
James Morris
<jmorris@namei.org>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, (continued) Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Pavel Machek Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Frederic Weisbecker Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris <= Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Arnd Bergmann Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Arnd Bergmann Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Steven Rostedt Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar
Next by Date:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris
Previous by Thread:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Frederic Weisbecker
Next by Thread:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Arnd Bergmann
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar

Next by Date:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, James Morris

Previous by Thread:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Frederic Weisbecker

Next by Thread:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Arnd Bergmann

Indexes:

[Date] [Thread] [Top] [All Lists]