[Devel] [VZ8 PATCH v2 0/3] ve/mmap: Check how library on CT is mapped
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Jun 1 17:43:18 MSK 2021
Looks good.
Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
On 01.06.2021 17:22, Valeriy Vdovin wrote:
> Move ve_trusted_exec to a more general place and rename it for
> consistency with another added function that checks for CT library files
> being mmaped to a priviledged process.
>
> Valeriy Vdovin (3):
> ve/exec: ve_trusted_exec moved to ve.c and renamed
> ve/exec: reordered ve_check_trusted_exec conditions
> ve/mmap: protect from unsecure library load from CT image
>
> fs/exec.c | 44 ++---------------------------
> include/linux/ve.h | 2 ++
> kernel/ve/ve.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++
> mm/util.c | 5 ++++
> 4 files changed, 80 insertions(+), 41 deletions(-)
>
> v2: - split big patch into patchset
> - reordered check conditions
> - added file name in mmap check message
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
More information about the Devel
mailing list