From: Tycho Andersen
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org,
    linux-api@vger.kernel.org, Andy Lutomirski, Oleg Nesterov,
    "Eric W . Biederman", "Serge E . Hallyn", Christian Brauner,
    Tyler Hicks, Akihiro Suda, "Tobin C . Harding", Tycho Andersen
Subject: [PATCH v4 0/4] seccomp trap to userspace
Date: Thu, 21 Jun 2018 16:04:12 -0600
Message-Id: <20180621220416.5412-1-tycho@tycho.ws>

Hi all,

Here's v4 of the seccomp trap to userspace series. v3 is here:
https://lkml.org/lkml/2018/5/31/527

I believe we've addressed the two burning questions I had about v3: 1. it
seems ok not to use netlink, since there's not a great way to re-use the API
without a lot of unnecessary code and 2. only having return capability for fds
seems fine with people. Or at least I haven't heard any strong objections.

I've re-worked a bunch of things in this version based on feedback from the
last series. See patch notes for details. At this point I'm not aware of
anything that needs to be addressed, but of course that is subject to change
:)

Tycho

Tycho Andersen (4):
  seccomp: add a return code to trap to userspace
  seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE
  seccomp: add a way to get a listener fd from ptrace
  seccomp: add support for passing fds via USER_NOTIF

 .../userspace-api/seccomp_filter.rst          |  79 +++
 arch/Kconfig                                  |   7 +
 include/linux/seccomp.h                       |  18 +-
 include/uapi/linux/ptrace.h                   |   2 +
 include/uapi/linux/seccomp.h                  |  23 +-
 kernel/ptrace.c                               |   4 +
 kernel/seccomp.c                              | 491 ++++++++++++++-
 tools/testing/selftests/seccomp/seccomp_bpf.c | 560 +++++++++++++++++-
 8 files changed, 1172 insertions(+), 12 deletions(-)

-- 
2.17.1