Backport "proc: report no_new_privs state"
Issue description
Apr 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5ce2b0226ad6a9557627edb1112f16058eadd055

commit 5ce2b0226ad6a9557627edb1112f16058eadd055
Author: Kees Cook <keescook@chromium.org>
Date: Tue Apr 11 23:41:08 2017

BACKPORT: proc: report no_new_privs state

Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status.

Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Rodrigo Freire <rfreire@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Robert Ho <robert.hu@intel.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit af884cd4a5ae62fcf5e321fecf0ec1014730353d)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:710468
TEST=Local compile, precq

Change-Id: Iab3b2b244e8ba365d723cb3ead5ce03b64281acf
Reviewed-on: https://chromium-review.googlesource.com/473949
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/5ce2b0226ad6a9557627edb1112f16058eadd055/fs/proc/array.c
[modify] https://crrev.com/5ce2b0226ad6a9557627edb1112f16058eadd055/Documentation/filesystems/proc.txt
Apr 12 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/45353926ff33330f8cb6ab3181bd4454e1d5e7a1

commit 45353926ff33330f8cb6ab3181bd4454e1d5e7a1
Author: Kees Cook <keescook@chromium.org>
Date: Wed Apr 12 23:07:42 2017

BACKPORT: proc: report no_new_privs state

Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status.

Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Rodrigo Freire <rfreire@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Robert Ho <robert.hu@intel.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit af884cd4a5ae62fcf5e321fecf0ec1014730353d)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:710468
TEST=Local compile
TEST=On device:
# cat /proc/self/status:
Name: cat
...
NoNewPrivs: 0
Seccomp: 0

Change-Id: I6c82dea73a402cb36616a10e120df185fc427e7d
Reviewed-on: https://chromium-review.googlesource.com/473970
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/45353926ff33330f8cb6ab3181bd4454e1d5e7a1/fs/proc/array.c
[modify] https://crrev.com/45353926ff33330f8cb6ab3181bd4454e1d5e7a1/Documentation/filesystems/proc.txt
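The on-device check in the TEST lines above can be done programmatically. The following is an added example, not code from the commit or the Chromium OS tree: a C reader for the NoNewPrivs and Seccomp lines of /proc/self/status that keeps "field missing" (a kernel without this backport) distinct from "flag is 0". The names status_field, self_field, FIELD_ABSENT and FIELD_BAD are illustrative assumptions.

```c
/* Added example; status_field/self_field are illustrative names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

#define FIELD_ABSENT (-1) /* no such line: kernel without this backport */
#define FIELD_BAD    (-2) /* line present, value is not a decimal number */

/* Look up "key:\t<n>" in the text of /proc/<pid>/status. */
static long status_field(const char *buf, const char *key)
{
    size_t klen = strlen(key);
    for (const char *line = buf; line && *line; ) {
        /* Match at line start only, and require the ':' separator. */
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            const char *val = line + klen + 1;
            while (*val == ' ' || *val == '\t')
                val++;
            if (*val < '0' || *val > '9')
                return FIELD_BAD; /* keep strtol from running into the next line */
            return strtol(val, NULL, 10);
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return FIELD_ABSENT;
}

/* Read /proc/self/status and return one field; FIELD_ABSENT on I/O failure. */
static long self_field(const char *key)
{
    static char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return FIELD_ABSENT;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return status_field(buf, key);
}

int main(void)
{
    printf("NoNewPrivs before: %ld\n", self_field("NoNewPrivs"));
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); /* one-way: cannot be cleared */
    printf("NoNewPrivs after:  %ld\n", self_field("NoNewPrivs"));
    printf("Seccomp:           %ld\n", self_field("Seccomp"));
    return 0;
}
```

On a kernel without the backport both NoNewPrivs lines print -1 even after the prctl call, so an audit tool should report "unknown" there rather than "not set".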
Apr 12 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2f3d7a61e575ed3ecdfd117fe0ca61cc2b15ed54

commit 2f3d7a61e575ed3ecdfd117fe0ca61cc2b15ed54
Author: Kees Cook <keescook@chromium.org>
Date: Wed Apr 12 23:07:47 2017

BACKPORT: proc: report no_new_privs state

Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status.

Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Rodrigo Freire <rfreire@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Robert Ho <robert.hu@intel.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit af884cd4a5ae62fcf5e321fecf0ec1014730353d)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:710468
TEST=Local compile, precq

Change-Id: I446d8c0473704b4f2e749b69831b842638bf4c08
Reviewed-on: https://chromium-review.googlesource.com/473850
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/2f3d7a61e575ed3ecdfd117fe0ca61cc2b15ed54/fs/proc/array.c
[modify] https://crrev.com/2f3d7a61e575ed3ecdfd117fe0ca61cc2b15ed54/Documentation/filesystems/proc.txt
Apr 12 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/73b264bb0e5e406189d86299bef8432b49d9f48f

commit 73b264bb0e5e406189d86299bef8432b49d9f48f
Author: Kees Cook <keescook@chromium.org>
Date: Wed Apr 12 23:07:56 2017

BACKPORT: proc: report no_new_privs state

Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status.

Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Rodrigo Freire <rfreire@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Robert Ho <robert.hu@intel.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit af884cd4a5ae62fcf5e321fecf0ec1014730353d)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:710468
TEST=Local compile, precq

Change-Id: If3c00b3f5308e8d2426679617d93bc83bc3c16ea
Reviewed-on: https://chromium-review.googlesource.com/474944
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/73b264bb0e5e406189d86299bef8432b49d9f48f/fs/proc/array.c
[modify] https://crrev.com/73b264bb0e5e406189d86299bef8432b49d9f48f/Documentation/filesystems/proc.txt
Apr 13 2017
Apr 26 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/93943a7c28c72dd4b643565bcbf50eadf907ec6b

commit 93943a7c28c72dd4b643565bcbf50eadf907ec6b
Author: Kees Cook <keescook@chromium.org>
Date: Wed Apr 26 18:25:59 2017

BACKPORT: proc: report no_new_privs state

Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status.

Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Rodrigo Freire <rfreire@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Robert Ho <robert.hu@intel.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit af884cd4a5ae62fcf5e321fecf0ec1014730353d)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:710468
TEST=Build kernel, boot lumpy, check /proc/self/status.

Change-Id: Ib1dd80279a7b6521b28b4e83597e5f8ec5614504
Reviewed-on: https://chromium-review.googlesource.com/487582
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/93943a7c28c72dd4b643565bcbf50eadf907ec6b/fs/proc/array.c
[modify] https://crrev.com/93943a7c28c72dd4b643565bcbf50eadf907ec6b/Documentation/filesystems/proc.txt
May 30 2017
Aug 1 2017
Jan 22 2018
Comment 1 by bugdroid1@chromium.org, Apr 11 2017