/Linux-v6.1/include/linux/ |
D | seccomp.h | 36 struct seccomp { struct 57 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode() argument 66 struct seccomp { }; struct 87 static inline int seccomp_mode(struct seccomp *s) in seccomp_mode()
/Linux-v6.1/kernel/ |
D | seccomp.c | 407 READ_ONCE(current->seccomp.filter); in seccomp_run_filters() 436 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode() 450 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode() 501 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || in seccomp_can_sync_threads() 502 (thread->seccomp.mode == SECCOMP_MODE_FILTER && in seccomp_can_sync_threads() 503 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads() 504 caller->seccomp.filter))) in seccomp_can_sync_threads() 564 struct seccomp_filter *orig = tsk->seccomp.filter; in seccomp_filter_release() 570 tsk->seccomp.filter = NULL; in seccomp_filter_release() 604 __seccomp_filter_release(thread->seccomp.filter); in seccomp_sync_threads() [all …]
D | ptrace.c | 381 if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED || in check_ptrace_options() 966 info->seccomp.ret_data = child->ptrace_message; in ptrace_get_syscall_info_seccomp() 969 return offsetofend(struct ptrace_syscall_info, seccomp.ret_data); in ptrace_get_syscall_info_seccomp()
D | Makefile | 97 obj-$(CONFIG_SECCOMP) += seccomp.o
D | sys_ni.c | 336 COND_SYSCALL(seccomp);
/Linux-v6.1/Documentation/userspace-api/ |
D | seccomp_filter.rst | 24 Additionally, BPF makes it impossible for users of seccomp to fall prey 46 An additional seccomp mode is added and is enabled using the same 47 prctl(2) call as the strict seccomp. If the architecture has 87 A seccomp filter may return any of the following values. If multiple 119 ``SIGSYS`` triggered by seccomp will have a si_code of ``SYS_SECCOMP``. 149 The seccomp check will not be run again after the tracer is 150 notified. (This means that seccomp-based sandboxes MUST NOT 187 The ``samples/seccomp/`` directory contains both an x86-specific example 194 The ``SECCOMP_RET_USER_NOTIF`` return code lets seccomp filters pass a 200 argument to the ``seccomp()`` syscall: [all …]
D | no_new_privs.rst | 47 - Filters installed for the seccomp mode 2 sandbox persist across
/Linux-v6.1/Documentation/features/seccomp/seccomp-filter/ |
D | arch-support.txt | 2 # Feature name: seccomp-filter 4 # description: arch supports seccomp filters
/Linux-v6.1/tools/testing/selftests/seccomp/ |
D | seccomp_bpf.c | 278 #ifndef seccomp 279 int seccomp(unsigned int op, unsigned int flags, void *args) in seccomp() function 829 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, in kill_thread_or_group() 838 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog_thread)); in kill_thread_or_group() 2109 FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) { in FIXTURE_VARIANT_ADD() argument 2305 ret = seccomp(-1, 0, &prog); in TEST() 2314 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST() 2318 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); in TEST() 2324 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); in TEST() 2328 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); in TEST() [all …]
/Linux-v6.1/samples/seccomp/ |
D | user-trap.c | 26 static int seccomp(unsigned int op, unsigned int flags, void *args) in seccomp() function 101 return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog); in user_trap_syscall() 293 if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes) < 0) { in main()
/Linux-v6.1/rust/ |
D | bindgen_parameters | 20 # `seccomp`'s comment gets understood as a doctest
/Linux-v6.1/samples/ |
D | Makefile | 20 subdir-$(CONFIG_SAMPLE_SECCOMP) += seccomp
D | Kconfig | 170 bool "Build seccomp sample code" 173 Build samples of seccomp filters using various methods of
/Linux-v6.1/include/uapi/linux/ |
D | ptrace.h | 101 } seccomp; member
/Linux-v6.1/arch/loongarch/ |
D | Kconfig | 463 bool "Enable seccomp to safely compute untrusted bytecode" 472 their own address space using seccomp. Once seccomp is 473 enabled via /proc/<pid>/seccomp, it cannot be disabled 475 defined by each seccomp mode.
/Linux-v6.1/arch/mips/kernel/ |
D | scall64-n32.S | 78 bltz v0, 1f # seccomp failed? Skip syscall
D | scall64-n64.S | 88 bltz v0, 1f # seccomp failed? Skip syscall
D | scall32-o32.S | 128 bltz v0, 1f # seccomp failed? Skip syscall
D | scall64-o32.S | 133 bltz v0, 1f # seccomp failed? Skip syscall
/Linux-v6.1/arch/ |
D | Kconfig | 501 An arch should select this symbol to support seccomp mode 1 (the fixed 503 and compat syscalls if the asm-generic/seccomp.h defaults need adjustment: 523 - seccomp syscall wired up 529 prompt "Enable seccomp to safely execute untrusted bytecode" 538 own address space using seccomp. Once seccomp is enabled via 539 prctl(PR_SET_SECCOMP) or the seccomp() syscall, it cannot be 541 syscalls defined by each seccomp mode. 556 bool "Show seccomp filter cache status in /proc/pid/seccomp_cache" 561 seccomp cache data. The file format is subject to change. Reading 565 an adversary may be able to infer the seccomp filter logic.
/Linux-v6.1/init/ |
D | init_task.c | 211 .seccomp = { .filter_count = ATOMIC_INIT(0) },
/Linux-v6.1/tools/testing/selftests/ |
D | Makefile | 66 TARGETS += seccomp
/Linux-v6.1/Documentation/security/ |
D | landlock.rst | 36 seccomp-bpf.
/Linux-v6.1/fs/proc/ |
D | array.c | 339 seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode); in task_seccomp() 342 atomic_read(&p->seccomp.filter_count)); in task_seccomp()
/Linux-v6.1/Documentation/dev-tools/ |
D | kselftest.rst | 167 $ ./run_kselftest.sh -c bpf -c seccomp -t timers:posix_timers -t timer:nanosleep 363 The tests from tools/testing/selftests/seccomp/seccomp_bpf.c can be used as