Received: by 10.192.165.148 with SMTP id m20csp203711imm; Thu, 3 May 2018 18:11:19 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpWT274Mcl0kPegkCNW4OTHNzCkDBPAdhy3PI4GdTqsQBjtSGvjFHvMqRFe1+9oCYpXv+8D X-Received: by 2002:a65:468d:: with SMTP id h13-v6mr20777930pgr.166.1525396279333; Thu, 03 May 2018 18:11:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525396279; cv=none; d=google.com; s=arc-20160816; b=DS7LfObQLBmJgZYoHMJLH0Vu15pH6N5fOy8Pk9i1vZwzJaTFxGZJ40qtb3pQIFKR9t NR+TPeA8yWJdAztssBaFfCMztmxp7gkMruFDailHVWM/OR18mHlOjfm+7o9+hWQTd3jK v4uu0sscOV67hguwbLBKmkkF1WjsALX9b4rJrQP1P77av3ZQCw6shUTMO7y+W08Q7cSL iZ60e5Kfjx7I/92CUs9N/lbHyd6VENk75WspmvMk2LYTOscqtOYCkaiA4MXz3UxTwKac fzLWkN5ce2JeXEXPEYghsl90lZ7LsrpEICbxj6RCPA4h2z5l6BarGpdOzBsUHjzkWWRE zBrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=PQxaEdJ5JUm0kNvbKiyNltEEw8/5oOacQsiBrHf+1HM=; b=EbF/t3ShlUvU2AgQ/AP9uyJrV53mFFkv+CdAkxsyT40KE/gRR1DM5NbCiKeKFJctJo F4CbaOoRQPVnGyUsvFLltEscUEfXbhX2qoQUmsLwKQiVA2wpwOTWPlkbJPE8DfBRryQI fVnj9CChTv0P6FWzF5kkVHMnMYStFQNxvCsy4CqCAzwkZlscpaMyBJKXv7Y/Em8eJBr7 zBZyE0uRpeAiDol8Q4Z6Cpwyq7xNjk/3dJss/pOWluNGbvwWz+DrhhLlXSA0lFYF01AB GgLZPAxs4Ln/pS0Vs9qdFR3ggcPDWbVxIBAvmdVGkDk2+INNvk/KAJbvRNj9q6pHODCC WYJw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h127si1371260pfb.111.2018.05.03.18.11.04; Thu, 03 May 2018 18:11:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751360AbeEDBKQ (ORCPT + 99 others); Thu, 3 May 2018 21:10:16 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:52101 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751336AbeEDBKN (ORCPT ); Thu, 3 May 2018 21:10:13 -0400 Received: from 2.general.tyhicks.us.vpn ([10.172.64.53] helo=sec.ubuntu-ci) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fEPDr-0008Hm-K5; Fri, 04 May 2018 01:09:19 +0000 From: Tyler Hicks To: linux-kernel@vger.kernel.org Cc: Kees Cook , Andy Lutomirski , Will Drewry , Paul Moore , Eric Paris , Steve Grubb , Jonathan Corbet , linux-audit@redhat.com, linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v3 2/4] seccomp: Configurable separator for the actions_logged string Date: Fri, 4 May 2018 01:08:13 +0000 Message-Id: <1525396095-27737-3-git-send-email-tyhicks@canonical.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1525396095-27737-1-git-send-email-tyhicks@canonical.com> References: <1525396095-27737-1-git-send-email-tyhicks@canonical.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The function that converts a bitmask of seccomp actions that are allowed to be logged is currently only used for constructing the display string for the kernel.seccomp.actions_logged sysctl. That string wants a space character to be used for the separator between actions. A future patch will make use of the same function for building a string that will be sent to the audit subsystem for tracking modifications to the kernel.seccomp.actions_logged sysctl. That string will need to use a comma as a separator. This patch allows the separator character to be configurable to meet both needs. Signed-off-by: Tyler Hicks --- kernel/seccomp.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index f4afe67..b36ac1e 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = { }; static bool seccomp_names_from_actions_logged(char *names, size_t size, - u32 actions_logged) + u32 actions_logged, + const char *sep) { const struct seccomp_log_name *cur; - bool append_space = false; + bool append_sep = false; for (cur = seccomp_log_names; cur->name && size; cur++) { ssize_t ret; @@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size, if (!(actions_logged & cur->log)) continue; - if (append_space) { - ret = strscpy(names, " ", size); + if (append_sep) { + ret = strscpy(names, sep, size); if (ret < 0) return false; names += ret; size -= ret; } else - append_space = true; + append_sep = true; ret = strscpy(names, cur->name, size); if (ret < 0) @@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer, memset(names, 0, sizeof(names)); if (!seccomp_names_from_actions_logged(names, sizeof(names), - seccomp_actions_logged)) + seccomp_actions_logged, " ")) return -EINVAL; table = *ro_table; -- 2.7.4