[Devel] [VZ8 PATCH 0/4] Port ve_trusted_exec functionality from VZ7
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri May 28 15:23:22 MSK 2021
Except for converting spaces to tabs, this looks good.
Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
On 28.05.2021 14:07, Valeriy Vdovin wrote:
> Patchset that ports ve_trusted_exec functionality from VZ7.
> The challenge of porting it to VZ8 is that there is no PLOOP_DEV_MAJOR
> anymore, which was an important part of container block device
> detection. Instead we have to implement ve_trusted_exec flag in struct
> genhd.
>
> Pavel Tikhomirov (3):
> ve/fs/exec: don't allow a privileged user to execute untrusted files
> ve/fs/exec: send SIGSEGV to a process trying to execute untrusted files
> ve/exec: allow trusted exec change both on boot and on running system
>
> Valeriy Vdovin (1):
> block: Added trusted flag to struct genhd
>
> block/genhd.c          | 39 +++++++++++++++++++++++++++++
> fs/exec.c              | 56 ++++++++++++++++++++++++++++++++++++++++--
> include/linux/genhd.h  |  4 +++
> include/linux/sysctl.h |  1 +
> kernel/sysctl.c        | 16 ++++++++++++
> 5 files changed, 114 insertions(+), 2 deletions(-)
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.