aboutsummaryrefslogtreecommitdiff
path: root/Documentation/prctl
AgeCommit message (Collapse)AuthorFilesLines
2014-10-28Documentation: Restrict TSC test code to x86Alexander Graf1-1/+1
The prctl test code in Documentation/ tries to show how to use a call that only makes sense on x86. Restrict it there so that other platforms don't try to call asm("rdtsc"). Signed-off-by: Alexander Graf <[email protected]> Acked-by: Peter Foley <[email protected]> Signed-off-by: Jonathan Corbet <[email protected]>
2014-09-26Documentation: update .gitignore filesPeter Foley1-0/+3
Add some missing files to .gitignore. Push Documentation/.gitignore down into subdirectories. Signed-off-by: Peter Foley <[email protected]> Signed-off-by: Randy Dunlap <[email protected]> Signed-off-by: Jiri Kosina <[email protected]>
2014-09-26Documentation: make functions static to avoid prototype warningsPeter Foley3-10/+13
Signed-off-by: Peter Foley <[email protected]> Signed-off-by: Randy Dunlap <[email protected]> Signed-off-by: Jiri Kosina <[email protected]>
2014-09-26Documentation: add makefiles for more targetsPeter Foley1-0/+8
Add a bunch of previously unbuilt source files to the Documentation build machinery. Signed-off-by: Peter Foley <[email protected]> Signed-off-by: Randy Dunlap <[email protected]> Signed-off-by: Jiri Kosina <[email protected]>
2012-10-02seccomp: Make syscall skipping and nr changes more consistentAndy Lutomirski1-6/+68
This fixes two issues that could cause incompatibility between kernel versions: - If a tracer uses SECCOMP_RET_TRACE to select a syscall number higher than the largest known syscall, emulate the unknown vsyscall by returning -ENOSYS. (This is unlikely to make a noticeable difference on x86-64 due to the way the system call entry works.) - On x86-64 with vsyscall=emulate, skipped vsyscalls were buggy. This updates the documentation accordingly. Signed-off-by: Andy Lutomirski <[email protected]> Acked-by: Will Drewry <[email protected]> Signed-off-by: James Morris <[email protected]>
2012-07-08security: Minor improvements to no_new_privs documentationAndy Lutomirski1-0/+7
The documentation didn't actually mention how to enable no_new_privs. This also adds a note about possible interactions between no_new_privs and LSMs (i.e. why teaching systemd to set no_new_privs is not necessarily a good idea), and it references the new docs from include/linux/prctl.h. Suggested-by: Rob Landley <[email protected]> Signed-off-by: Andy Lutomirski <[email protected]> Acked-by: Kees Cook <[email protected]> Signed-off-by: James Morris <[email protected]>
2012-07-03security: document no_new_privsAndy Lutomirski1-0/+50
Document no_new_privs. Signed-off-by: Andy Lutomirski <[email protected]> Acked-by: Kees Cook <[email protected]> Signed-off-by: James Morris <[email protected]>
2012-04-14Documentation: prctl/seccomp_filterWill Drewry1-0/+163
Documents how system call filtering using Berkeley Packet Filter programs works and how it may be used. Includes an example for x86 and a semi-generic example using a macro-based code generator. Acked-by: Eric Paris <[email protected]> Signed-off-by: Will Drewry <[email protected]> Acked-by: Kees Cook <[email protected]> v18: - added acked by - update no new privs numbers v17: - remove @compat note and add Pitfalls section for arch checking ([email protected]) v16: - v15: - v14: - rebase/nochanges v13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc v12: - comment on the ptrace_event use - update arch support comment - note the behavior of SECCOMP_RET_DATA when there are multiple filters ([email protected]) - lots of samples/ clean up incl 64-bit bpf-direct support ([email protected]) - rebase to linux-next v11: - overhaul return value language, updates ([email protected]) - comment on do_exit(SIGSYS) v10: - update for SIGSYS - update for new seccomp_data layout - update for ptrace option use v9: - updated bpf-direct.c for SIGILL v8: - add PR_SET_NO_NEW_PRIVS to the samples. v7: - updated for all the new stuff in v7: TRAP, TRACE - only talk about PR_SET_SECCOMP now - fixed bad JLE32 check ([email protected]) - adds dropper.c: a simple system call disabler v6: - tweak the language to note the requirement of PR_SET_NO_NEW_PRIVS being called prior to use. ([email protected]) v5: - update sample to use system call arguments - adds a "fancy" example using a macro-based generator - cleaned up bpf in the sample - update docs to mention arguments - fix prctl value ([email protected]) - language cleanup ([email protected]) v4: - update for no_new_privs use - minor tweaks v3: - call out BPF <-> Berkeley Packet Filter ([email protected]) - document use of tentative always-unprivileged - guard sample compilation for i386 and x86_64 v2: - move code to samples ([email protected]) Signed-off-by: James Morris <[email protected]>
2008-04-19generic, x86: add tests for prctl PR_GET_TSC and PR_SET_TSCErik Bosman3-0/+285
This patch adds three tests that test whether the PR_GET_TSC and PR_SET_TSC commands have the desirable effect. The tests check whether the control register is updated correctly at context switches and try to discover bugs while enabling/disabling the timestamp counter. Signed-off-by: Erik Bosman <[email protected]> Signed-off-by: Ingo Molnar <[email protected]> Signed-off-by: Thomas Gleixner <[email protected]>
Powered by cgit, Gruvboxed by Blaster4385.