[Devel] [PATCH rh7] seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing
Kirill Gorkunov
gorcunov at virtuozzo.com
Tue Jan 15 11:47:36 MSK 2019
We have to fetch the whole 13c4a90119d28cfcb6b5bdd820c233b86c2b0237
vanilla patch because __secure_computing is called from vsyscalls.
https://jira.sw.ru/browse/PSBM-90760
Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>
---
kernel/seccomp.c | 4 ++++
1 file changed, 4 insertions(+)
Index: linux-pcs7.git/kernel/seccomp.c
===================================================================
--- linux-pcs7.git.orig/kernel/seccomp.c
+++ linux-pcs7.git/kernel/seccomp.c
@@ -764,6 +764,10 @@ int __secure_computing(void)
struct pt_regs *regs = task_pt_regs(current);
int this_syscall = syscall_get_nr(current, regs);
+ if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+ unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
+ return 0;
+
switch (mode) {
case SECCOMP_MODE_STRICT:
__secure_computing_strict(this_syscall); /* may call do_exit */
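Review bot: the early `return 0` placed before `switch (mode)` in `__secure_computing()` skips the whole switch, including the `SECCOMP_MODE_STRICT` case below it, so a task with `PT_SUSPEND_SECCOMP` set in `current->ptrace` runs with no seccomp enforcement at all. Nothing in this diff shows where that flag is set or which privilege check guards setting it. The diffstat touches only kernel/seccomp.c, while the message refers to the whole upstream commit, so please say in the commit message which parts of that commit are already in the rh7 tree and where the setter side lives. A short comment above the check would also help, stating that the flag exists for checkpoint/restore (hence the `CONFIG_CHECKPOINT_RESTORE` guard) and that seccomp is bypassed for as long as it is set.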