Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp297678imm; Thu, 28 Jun 2018 20:35:43 -0700 (PDT) X-Google-Smtp-Source: AAOMgpf1Xi1H1MbPgopmhgfuqyab3jytm8RU83Ei0EEwLDh+pp/OUDyksRFTMxn95wHhBkSGG8L6 X-Received: by 2002:a62:49dd:: with SMTP id r90-v6mr9255936pfi.203.1530243342986; Thu, 28 Jun 2018 20:35:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530243342; cv=none; d=google.com; s=arc-20160816; b=Kz3cUXjOyPaKFdGqdnLwK9gmQJ10BtRJztBbDkKwyHKzaHuDhTTC43+FzXSpKRiMdO 6lWfd6Jx0Dj/9QkW03NXsF5AU1Xhqm8IDbw+aDdbWcvy+1qstAUnybFx8lkxaPw6f9IN Si/vapoHsAfwf+WV5qb38dow4G0STn2F1yxX0dcR06Fns2g4YuOanJcaYHiWjPxsVA1h lJqBKrIacICHx9NL8+E2Bk/8sykfPTxV0PRLR2Xz4dyvgwTE7ABJeaaneDiRkLu/r8pt KWe4150tvR4Zgb3l8uwKzkz0XPBomcZuFgS+AgmWJvhdjC0U/2pV0qaKRPJUDPcWRwwC 1SKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=TiHJhkWPJGa3yyy8nt1zk5vAZijdtJCQjeWAhj8uvD4=; b=tVD9yVsx+9F5SDyqoe2nStvobLAiHe1RqwVZ5oFsdvfvl8ZmiWEojo8YBxanB7ejzD PCzUn7+YpdWiFb7QgaV640ND3Ile2pDLy+bhy153qT9UeZuhL4vw+4pAw1u8WO6CvPYb ymXWmpKkwCvn9wjOIc3eyydnyILmBIDea2xh6oyhG5pXVDO4rMHyqQmIUgGY7deaxMVc 6EWtiFx9mssHTkhXtKiGpOYTZeWIbXmKNwpo4ezYtOx0pP0XKMGRKGjQVuKAgEdslnOg Mpbn/TjaCgLon9wecxhAGdiY+d1O0yi8zSCz828IHGAL0ggQE2POXvolRb0zvHlz4kN6 jVFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=Tf8w8cht; dkim=fail header.i=@chromium.org header.s=google header.b=bEwrnMqT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k91-v6si7783353pld.248.2018.06.28.20.35.28; Thu, 28 Jun 2018 20:35:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=Tf8w8cht; dkim=fail header.i=@chromium.org header.s=google header.b=bEwrnMqT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S967058AbeF1TC6 (ORCPT + 99 others); Thu, 28 Jun 2018 15:02:58 -0400 Received: from mail-yb0-f194.google.com ([209.85.213.194]:42361 "EHLO mail-yb0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S967033AbeF1TC4 (ORCPT ); Thu, 28 Jun 2018 15:02:56 -0400 Received: by mail-yb0-f194.google.com with SMTP id i3-v6so2417791ybl.9 for ; Thu, 28 Jun 2018 12:02:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=TiHJhkWPJGa3yyy8nt1zk5vAZijdtJCQjeWAhj8uvD4=; b=Tf8w8cht7iWx5th5EqaoLvJXyuGzQNhFbIhPp/b5qjwveHDtgtn9yz87IG3xrgFhV7 +L3zeV+7Vdhu76tbsdSlLzUu3+ZVI2/25LwbYpsj+fPVDSCL14UY+L95gyqSMLblh2cc JUWy/wmiFOR/874ClgTt5FUFuLlUHtzcI736s3zBfmD6v/XcE7PsIipbgesKA1typnhd WeZsdeoqjBN/Ld49Mpmk4tM85G0vTp3s7GV94XgBR0qXOd/Lze/nh1T2Jd2L8uVdMAiN 3o80S+MTo9mHnJfnNqQpvYvDUKPq0NFMLO0CnqodwcJM+Rc3OF73jUrudFNJovzZIaX9 vT8A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=TiHJhkWPJGa3yyy8nt1zk5vAZijdtJCQjeWAhj8uvD4=; b=bEwrnMqTZVfTfOEeeMKEeBoAN+eL7ApgbFmYo/MNXynvMg6F9Tfsu1u/siKcXq/wau 5OoGUqG2QAtsMRGIl8Iozr0/ZIgVn+eupJv8kbetkyCKD4GfmBGD0HyqoJNH1/5EOls8 AVSNBj5uhWAiIfGmnIEhQ9734nqhapDrIsAPA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=TiHJhkWPJGa3yyy8nt1zk5vAZijdtJCQjeWAhj8uvD4=; b=b4MSbFVJlWRVwv07+8HjnSyP9F20kcW1ORThnjhLwYb1v46HWKjljxm88GfzzXQmrp 1IYik5inUHChNJ3hmMZyUg7PZ0lveJqzaGKZ2bRR8k/UTlFZchUv/a6bN1G8c7ldu+lF ldrB8sdEfHMgowhJGCeNj4FABwRilwf/iSMqDwFgDbnQfAg+3MPJIqk4jVvh3Hn7v7SW t+G1VTxytNG6x+9R/s2mo53zQzWmSjmyIIso93mnkhSuJ79zaxsqjfphR84nrzYm23O4 1r3QkZWIR3248UkMNb+156sKWNLOXxjb8YIFBtBMzXqF8rkhDDMVh0ZpF17UIda/qeRx Jjjg== X-Gm-Message-State: APt69E34rcMYYvvUKYi1kuYotyzsYFCvj6UugeX6DdrAQkFiOP0VPTc3 xlDAislemFOuM8p8srWLe71XuvxzoWLpAXKnhbJgjw== X-Received: by 2002:a25:a301:: with SMTP id d1-v6mr6106203ybi.193.1530212575680; Thu, 28 Jun 2018 12:02:55 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f51:0:0:0:0:0 with HTTP; Thu, 28 Jun 2018 12:02:55 -0700 (PDT) In-Reply-To: <1530189936-25780-8-git-send-email-nmanthey@amazon.de> References: <1530189936-25780-1-git-send-email-nmanthey@amazon.de> <1530189936-25780-8-git-send-email-nmanthey@amazon.de> From: Kees Cook Date: Thu, 28 Jun 2018 12:02:55 -0700 X-Google-Sender-Auth: WzxjqykLya2dMpivXYQxblbxQro Message-ID: Subject: Re: [less-CONFIG_NET v2 7/8] seccomp: drop CONFIG_NET To: Norbert Manthey Cc: LKML , Masahiro Yamada , Andrew Morton , Nicholas Piggin , Arnd Bergmann , Josef Bacik , Masami Hiramatsu , Deepa Dinamani Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 28, 2018 at 5:45 AM, Norbert Manthey wrote: > With the goal of dropping CONFIG_NET, we have to drop the dependency > in the configuration management. Since SECCOMP_FILTER also requires > BPF functionality, which is usually activated by CONFIG_NET, imply > BPF from SECCOMP_FILTER directly. Nit: "select" not "imply" > In case both CONFIG_NET and CONFIG_SECCOMP_FILTER are activated, BPF > will be activated as well, so this additional dependency does not > destroy original builds. > > Signed-off-by: Norbert Manthey Otherwise, sure. As long as this still compiles and runs, it looks fine to me! :) -Kees > --- > arch/Kconfig | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/Kconfig b/arch/Kconfig > index 1aa5906..8cfb634 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -397,7 +397,8 @@ config HAVE_ARCH_SECCOMP_FILTER > > config SECCOMP_FILTER > def_bool y > - depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET > + depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP > + select BPF > help > Enable tasks to build secure computing environments defined > in terms of Berkeley Packet Filter programs which implement > -- > 2.7.4 > > Amazon Development Center Germany GmbH > Berlin - Dresden - Aachen > main office: Krausenstr. 38, 10117 Berlin > Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger > Ust-ID: DE289237879 > Eingetragen am Amtsgericht Charlottenburg HRB 149173 B > -- Kees Cook Pixel Security