OpenWrt – Blame information for rev 2
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | --- a/kernel/seccomp.c |
| 2 | +++ b/kernel/seccomp.c |
||
| 3 | @@ -614,6 +614,7 @@ int __secure_computing(void) |
||
| 4 | #ifdef CONFIG_SECCOMP_FILTER |
||
| 5 | static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd) |
||
| 6 | { |
||
| 7 | + char name[sizeof(current->comm)]; |
||
| 8 | u32 filter_ret, action; |
||
| 9 | int data; |
||
| 10 | |||
| 11 | @@ -644,6 +645,13 @@ static u32 __seccomp_phase1_filter(int t |
||
| 12 | case SECCOMP_RET_TRACE: |
||
| 13 | return filter_ret; /* Save the rest for phase 2. */ |
||
| 14 | |||
| 15 | + case SECCOMP_RET_LOG: |
||
| 16 | + get_task_comm(name, current); |
||
| 17 | + pr_err_ratelimited("seccomp: %s [%u] tried to call non-whitelisted syscall: %d\n", name, current->pid, this_syscall); |
||
| 18 | + syscall_set_return_value(current, task_pt_regs(current), |
||
| 19 | + -data, 0); |
||
| 20 | + goto skip; |
||
| 21 | + |
||
| 22 | case SECCOMP_RET_ALLOW: |
||
| 23 | return SECCOMP_PHASE1_OK; |
||
| 24 | |||
| 25 | --- a/include/uapi/linux/seccomp.h |
||
| 26 | +++ b/include/uapi/linux/seccomp.h |
||
| 27 | @@ -28,6 +28,7 @@ |
||
| 28 | #define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ |
||
| 29 | #define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ |
||
| 30 | #define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ |
||
| 31 | +#define SECCOMP_RET_LOG 0x00070000U /* allow + logline */ |
||
| 32 | #define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ |
||
| 33 | #define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ |
||
| 34 |