Contents of /alx-src/tags/kernel26-2.6.12-alx-r9/kernel/seccomp.c
Parent Directory
|
Revision Log
Revision 630 -
(show annotations)
(download)
Wed Mar 4 11:03:09 2009 UTC (15 years, 3 months ago) by niro
File MIME type: text/plain
File size: 1155 byte(s)
Wed Mar 4 11:03:09 2009 UTC (15 years, 3 months ago) by niro
File MIME type: text/plain
File size: 1155 byte(s)
Tag kernel26-2.6.12-alx-r9
1 | /* |
2 | * linux/kernel/seccomp.c |
3 | * |
4 | * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com> |
5 | * |
6 | * This defines a simple but solid secure-computing mode. |
7 | */ |
8 | |
9 | #include <linux/seccomp.h> |
10 | #include <linux/sched.h> |
11 | |
12 | /* #define SECCOMP_DEBUG 1 */ |
13 | |
14 | /* |
15 | * Secure computing mode 1 allows only read/write/exit/sigreturn. |
16 | * To be fully secure this must be combined with rlimit |
17 | * to limit the stack allocations too. |
18 | */ |
19 | static int mode1_syscalls[] = { |
20 | __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn, |
21 | 0, /* null terminated */ |
22 | }; |
23 | |
24 | #ifdef TIF_32BIT |
25 | static int mode1_syscalls_32[] = { |
26 | __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, |
27 | 0, /* null terminated */ |
28 | }; |
29 | #endif |
30 | |
31 | void __secure_computing(int this_syscall) |
32 | { |
33 | int mode = current->seccomp.mode; |
34 | int * syscall; |
35 | |
36 | switch (mode) { |
37 | case 1: |
38 | syscall = mode1_syscalls; |
39 | #ifdef TIF_32BIT |
40 | if (test_thread_flag(TIF_32BIT)) |
41 | syscall = mode1_syscalls_32; |
42 | #endif |
43 | do { |
44 | if (*syscall == this_syscall) |
45 | return; |
46 | } while (*++syscall); |
47 | break; |
48 | default: |
49 | BUG(); |
50 | } |
51 | |
52 | #ifdef SECCOMP_DEBUG |
53 | dump_stack(); |
54 | #endif |
55 | do_exit(SIGKILL); |
56 | } |