kernel_optimize_test/Documentation
Kees Cook 2f4b3bf6b2 /proc/pid/status: add "Seccomp" field
It is currently impossible to examine the state of seccomp for a given
process.  While attaching with gdb and attempting "call
prctl(PR_GET_SECCOMP,...)" will work with some situations, it is not
reliable.  If the process is in seccomp mode 1, this query will kill the
process (prctl not allowed), if the process is in mode 2 with prctl not
allowed, it will similarly be killed, and in weird cases, if prctl is
filtered to return errno 0, it can look like seccomp is disabled.

When reviewing the state of running processes, there should be a way to
externally examine the seccomp mode.  ("Did this build of Chrome end up
using seccomp?" "Did my distro ship ssh with seccomp enabled?")

This adds the "Seccomp" line to /proc/$pid/status.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: James Morris <jmorris@namei.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-12-17 17:15:22 -08:00
..
ABI Documentation: remove reference to feature-removal-schedule.txt 2012-12-17 17:15:12 -08:00
accounting doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c 2012-11-26 14:22:21 +01:00
acpi Merge branch 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-14 10:03:23 -08:00
aoe aoe: update documentation to better reflect aoe-plus-udev usage 2012-10-06 03:05:30 +09:00
arm fbdev changes for 3.8: 2012-12-15 13:03:48 -08:00
arm64 Documentation: Fixes a word in Documentation/arm64/memory.txt 2012-11-29 16:33:18 +00:00
auxdisplay
backlight drivers/video/backlight/lp855x_bl.c: use generic PWM functions 2012-12-17 17:15:16 -08:00
blackfin Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
block block: Kill bi_destructor 2012-09-09 10:35:39 +02:00
blockdev Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
bus-devices ARM: OMAP2+: gpmc: generic timing calculation 2012-11-09 18:07:11 +05:30
cdrom
cgroups cpuset: use N_MEMORY instead N_HIGH_MEMORY 2012-12-12 17:38:32 -08:00
connector connector: Move cn_test.c away from NLMSG_PUT(). 2012-06-26 21:19:02 -07:00
console
cpu-freq acpi-cpufreq: Add support for disabling dynamic overclocking 2012-09-09 22:05:12 +02:00
cpuidle Honor state disabling in the cpuidle ladder governor 2012-09-04 01:35:44 +02:00
cris CRIS: Update documentation 2012-04-03 13:09:18 +02:00
crypto KEYS: Document asymmetric key type 2012-10-08 13:50:12 +10:30
development-process Documentation: Update stable address 2011-12-12 14:14:31 -08:00
device-mapper DM RAID: Add rebuild capability for RAID10 2012-10-11 13:40:24 +11:00
devicetree drivers/rtc/rtc-imxdi.c: add devicetree support 2012-12-17 17:15:20 -08:00
DocBook kstrto*: add documentation 2012-12-17 17:15:22 -08:00
driver-model pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
dvb get_dvb_firmware: fix download site for tda10046 firmware 2012-09-28 16:16:00 -03:00
early-userspace
EDID drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
extcon Documentation/extcon: porting guide for Android kernel switch driver. 2012-04-20 09:24:27 -07:00
fault-injection doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
fb Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
filesystems /proc/pid/status: add "Seccomp" field 2012-12-17 17:15:22 -08:00
firmware_class firmware loader: document firmware cache mechanism 2012-11-14 15:07:18 -08:00
frv
hid doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
hwmon Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
i2c i2c: Mention functionality flags in SMBus protocol documentation 2012-12-16 21:11:55 +01:00
i2o Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
ia64 doc: aliasing-test: close fd on write error 2012-09-01 09:57:10 -07:00
ide Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
infiniband IB/ipoib: Add rtnl_link_ops support 2012-09-20 16:49:17 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-12-13 12:00:48 -08:00
ioctl ioctl-number.txt: Remove legacy private ioctl's from media drivers 2012-08-14 00:07:39 -03:00
isdn Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ja_JP
kbuild Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
kdump kexec: update URL of kexec homepage 2012-07-18 18:35:57 -07:00
ko_KR driver-core: documentation: fix up Greg's email address 2012-02-15 14:48:01 -08:00
laptops Documentation: fix the VM knobs descritpion WRT pdflush 2012-08-04 12:15:09 +04:00
leds leds-lp5523: add channel name in the platform data 2012-09-11 18:32:41 +08:00
m68k
make
memory-devices memory: emif: add basic infrastructure for EMIF driver 2012-05-02 00:10:49 -07:00
mips
misc-devices doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
mmc mmc: core: Extend sysfs to ext_csd parameters for RPMB support 2012-12-06 13:54:48 -05:00
mn10300
mtd
namespaces
netlabel
networking doc: Tighten-up and clarify description of tcp_fin_timeout 2012-12-10 17:14:28 -05:00
nfc NFC: Error management documentation 2012-07-09 16:42:11 -04:00
parisc Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
PCI PCI: SRIOV control and status via sysfs (documentation) 2012-11-28 11:25:47 -07:00
pcmcia
power Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2012-12-11 22:15:57 -08:00
powerpc Revert "powerpc/hw-breakpoint: Use generic hw-breakpoint interfaces for new PPC ptrace flags" 2012-05-22 14:37:24 +10:00
pps
prctl seccomp: Make syscall skipping and nr changes more consistent 2012-10-02 21:14:29 +10:00
pti
ptp
rapidio RapidIO: documentation update 2011-11-02 16:07:02 -07:00
RCU Merge branches 'urgent.2012.10.27a', 'doc.2012.11.16a', 'fixes.2012.11.13a', 'srcu.2012.10.27a', 'stall.2012.11.13a', 'tracing.2012.11.08a' and 'idle.2012.10.24a' into HEAD 2012-11-16 09:59:58 -08:00
s390 Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
scheduler sched: Remove __ARCH_WANT_INTERRUPTS_ON_CTXSW 2012-09-13 16:52:04 +02:00
scsi [SCSI] hptiop: Support HighPoint RR4520/RR4522 HBA 2012-11-27 08:59:43 +04:00
security Documentation: fix Documentation/security/00-INDEX 2012-12-17 17:15:22 -08:00
serial firmware: remove computone driver firmware and documentation 2012-08-16 12:31:18 -07:00
sh
sound ALSA: usb-audio: Deprecate async_unlink option 2012-11-21 11:37:40 +01:00
spi spi: Updates for v3.7 2012-10-02 17:26:42 -07:00
sysctl coredump: add support for %d=__get_dumpable() in core name 2012-10-06 03:05:15 +09:00
target target: Simplify fabric sense data length handling 2012-09-17 17:12:58 -07:00
thermal Thermal: Add documentation for platform layer data 2012-11-05 14:00:09 +08:00
timers
trace doc: fix old config name of kprobetrace 2012-09-27 12:11:29 +02:00
usb USB: report submission of active URBs 2012-11-11 18:10:46 -08:00
vDSO
video4linux doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
virtual KVM: PPC: booke: Get/set guest EPCR register using ONE_REG interface 2012-12-06 01:34:20 +01:00
vm Merge branch 'akpm' (Andrew's patch-bomb) 2012-12-13 13:11:15 -08:00
w1 1-Wire: Add support for the maxim ds1825 temperature sensor 2012-08-16 12:33:59 -07:00
watchdog watchdog: fix watchdog-test.c build warning 2012-08-29 17:12:58 +02:00
wimax
x86 x86/boot/doc: Fix grammar and typo in boot.txt 2012-10-26 12:18:38 +02:00
zh_CN Documentation:Update Documentation/zh_CN/arm64/memory.txt 2012-11-26 16:25:37 -08:00
.gitignore
00-INDEX Documentation: remove reference to feature-removal-schedule.txt 2012-12-17 17:15:12 -08:00
applying-patches.txt
atomic_ops.txt doc: Add load/store guarantees to Documentation/atomic-ops.txt 2011-12-11 10:31:58 -08:00
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes
circular-buffers.txt
clk.txt Documentation: common clk API 2012-03-16 20:35:01 +00:00
coccinelle.txt coccinelle.txt: update documentation to include M= option 2012-01-14 22:25:56 +01:00
CodingStyle CodingStyle: add networking specific block comment style 2012-10-06 03:04:59 +09:00
cpu-hotplug.txt doc: Add x86 CPU0 online/offline feature 2012-11-14 09:39:44 -08:00
cpu-load.txt
cputopology.txt
crc32.txt crc32: move long comment about crc32 fundamentals to Documentation/ 2012-03-23 16:58:37 -07:00
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt firmware: remove last vestiges of dabusb 2012-11-21 13:03:01 -08:00
digsig.txt crypto: digital signature verification support 2011-11-09 12:10:37 +02:00
DMA-API-HOWTO.txt
DMA-API.txt include/linux/dma-mapping.h: add dma_zalloc_coherent() 2011-11-02 16:07:02 -07:00
DMA-attributes.txt common: DMA-mapping: add DMA_ATTR_FORCE_CONTIGUOUS attribute 2012-11-29 03:30:34 -08:00
dma-buf-sharing.txt doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
DMA-ISA-LPC.txt
dmaengine.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
dontdiff x86: remove offsets.h from .gitignore and dontdiff 2012-11-19 14:10:53 +01:00
dynamic-debug-howto.txt dynamic_debug: update Documentation/*, Kconfig.debug 2012-04-30 16:26:30 -04:00
edac.txt Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
highuid.txt
HOWTO HOWTO: fix double words typo 2012-12-10 15:54:27 +01:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt Documentation/initrd.txt: Change the location of util-linux 2012-05-25 16:18:34 +02:00
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt IPMI: Remove SMBus driver info from the docs 2012-10-16 18:07:12 -07:00
IRQ-affinity.txt
IRQ-domain.txt irqdomain: update documentation 2012-12-05 23:52:10 +00:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt Kernel-doc: Convention: Use a "Return" section to describe return values 2012-11-27 21:08:57 +01:00
kernel-docs.txt
kernel-parameters.txt Documentation/kernel-parameters.txt: update mem= option's spec according to its implementation 2012-12-17 17:15:12 -08:00
kmemcheck.txt
kmemleak.txt kmemleak: Handle percpu memory allocation 2011-12-02 16:12:42 +00:00
kobject.txt Documentation: Fix "struct kobj_type" to include newer members. 2012-09-04 16:06:34 -07:00
kprobes.txt
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt lockdep: Update documentation for lock-class leak detection 2011-12-11 10:31:23 -08:00
lockstat.txt
lockup-watchdogs.txt watchdog: Update documentation 2012-02-11 15:11:28 +01:00
logo.gif
logo.txt
magic-number.txt drivers/net: fix up stale paths from driver reorg 2012-01-30 12:54:40 -05:00
Makefile mei: move doc files Documentation/misc-devices/mei 2012-05-09 13:59:09 -07:00
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
md.txt md: create externally visible flags for supporting hot-replace. 2011-12-23 10:17:51 +11:00
media-framework.txt [media] media: Add link_validate() op to check links to the sink pad 2012-05-14 08:44:11 -03:00
memory-barriers.txt Documentation: Fix memory-barriers.txt example 2012-10-23 14:44:46 -07:00
memory-hotplug.txt hotplug: update nodemasks management 2012-12-12 17:38:33 -08:00
mono.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
mutex-design.txt
nommu-mmap.txt
numastat.txt Doc: Update numastat.txt 2012-02-28 16:05:06 +01:00
oops-tracing.txt module,bug: Add TAINT_OOT_MODULE flag for modules not built in-tree 2011-11-07 07:54:42 +10:30
padata.txt
parport-lowlevel.txt
parport.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
percpu-rw-semaphore.txt percpu-rw-semaphore: fix documentation typos 2012-09-26 19:56:15 +02:00
pi-futex.txt
pinctrl.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt lib/vsprintf: update documentation to cover all of %p[Mm][FR] 2012-10-06 03:04:50 +09:00
pwm.txt pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
ramoops.txt pstore/ftrace: Convert to its own enable/disable debugfs knob 2012-09-06 22:16:58 -07:00
rbtree.txt rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
remoteproc.txt remoteproc: add rproc_report_crash function to notify rproc crashes 2012-09-18 12:53:22 +03:00
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt rpmsg: add virtio-based remote processor messaging bus 2012-02-08 22:53:58 +02:00
rt-mutex-design.txt
rt-mutex.txt
rtc.txt rtc-proc: permit the /proc/driver/rtc device to use other devices 2012-10-06 03:05:01 +09:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
smsc_ece1099.txt mfd: smsc: Add support for smsc gpio io/keypad driver 2012-10-01 15:27:48 +02:00
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable: Allow merging of backports for serious user-visible performance issues 2012-06-25 12:11:58 -07:00
static-keys.txt Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: suggested the use of scripts/get_maintainer.pl 2012-05-25 16:18:30 +02:00
svga.txt
sysfs-rules.txt
sysrq.txt sparc64: Add global PMU register dumping via sysrq. 2012-10-16 09:34:01 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt vfio: Trivial Documentation correction 2012-09-21 10:48:03 -06:00
VGA-softcursor.txt
vgaarbiter.txt misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
video-output.txt
vme_api.txt VME: Move API documentation to Documentation folder 2012-05-08 16:01:34 -07:00
volatile-considered-harmful.txt
workqueue.txt workqueue: reimplement WQ_HIGHPRI using a separate worker_pool 2012-07-13 22:24:45 -07:00
xz.txt
zorro.txt