kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #31114
[Bug 1183616] Re: seccomp-bpf missing on ARM in precise
flag@flag-desktop:~/seccomp/tests$ ./seccomp_bpf_tests
[==========] Running 31 tests from 1 test cases.
[ RUN ] global.mode_strict_support
[ OK ] global.mode_strict_support
[ RUN ] global.mode_strict_cannot_call_prctl
[ OK ] global.mode_strict_cannot_call_prctl
[ RUN ] global.no_new_privs_support
[ OK ] global.no_new_privs_support
[ RUN ] global.mode_filter_support
[ OK ] global.mode_filter_support
[ RUN ] global.mode_filter_without_nnp
[ OK ] global.mode_filter_without_nnp
[ RUN ] global.mode_filter_cannot_move_to_strict
[ OK ] global.mode_filter_cannot_move_to_strict
[ RUN ] global.ALLOW_all
[ OK ] global.ALLOW_all
[ RUN ] global.empty_prog
[ OK ] global.empty_prog
[ RUN ] global.unknown_ret_is_kill_inside
[ OK ] global.unknown_ret_is_kill_inside
[ RUN ] global.unknown_ret_is_kill_above_allow
[ OK ] global.unknown_ret_is_kill_above_allow
[ RUN ] global.KILL_all
[ OK ] global.KILL_all
[ RUN ] global.KILL_one
[ OK ] global.KILL_one
[ RUN ] global.KILL_one_arg_one
[ OK ] global.KILL_one_arg_one
[ RUN ] global.KILL_one_arg_six
[ OK ] global.KILL_one_arg_six
[ RUN ] global.arg_out_of_range
[ OK ] global.arg_out_of_range
[ RUN ] global.ERRNO_one
[ OK ] global.ERRNO_one
[ RUN ] global.ERRNO_one_ok
[ OK ] global.ERRNO_one_ok
[ RUN ] TRAP.dfl
[ OK ] TRAP.dfl
[ RUN ] TRAP.ign
[ OK ] TRAP.ign
[ RUN ] TRAP.handler
[ OK ] TRAP.handler
[ RUN ] TRAP.handler
[ OK ] TRAP.handler
[ RUN ] precedence.allow_ok
[ OK ] precedence.allow_ok
[ RUN ] precedence.kill_is_highest
[ OK ] precedence.kill_is_highest
[ RUN ] precedence.kill_is_highest_in_any_order
[ OK ] precedence.kill_is_highest_in_any_order
[ RUN ] precedence.trap_is_second
[ OK ] precedence.trap_is_second
[ RUN ] precedence.trap_is_second_in_any_order
[ OK ] precedence.trap_is_second_in_any_order
[ RUN ] precedence.errno_is_third
[ OK ] precedence.errno_is_third
[ RUN ] precedence.errno_is_third_in_any_order
[ OK ] precedence.errno_is_third_in_any_order
[ RUN ] precedence.trace_is_fourth
[ OK ] precedence.trace_is_fourth
[ RUN ] precedence.trace_is_fourth_in_any_order
[ OK ] precedence.trace_is_fourth_in_any_order
[ RUN ] TRACE.read_has_side_effects
[ OK ] TRACE.read_has_side_effects
[ RUN ] TRACE.getpid_runs_normally
[ OK ] TRACE.getpid_runs_normally
[==========] 31 / 31 tests passed.
[ PASSED ]
flag@flag-desktop:~/seccomp/tests$
flag@flag-desktop:~/seccomp/tests$ uname -a
Linux flag-desktop 3.2.0-1441-omap4 #60 SMP PREEMPT Fri Nov 15 15:16:44 UTC 2013 armv7l armv7l armv7l GNU/Linux
flag@flag-desktop:~/seccomp/tests$
** Tags removed: verification-needed-precise
** Tags added: verification-done-precise
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1183616
Title:
seccomp-bpf missing on ARM in precise
Status in “linux” package in Ubuntu:
Triaged
Status in “linux” source package in Precise:
Triaged
Bug description:
While seccomp-bpf was backported into precise, it was only for x86.
Now that the ARM support is upstream too, it would be great to have
the same level of support on ARM in the LTS kernel.
I'll prepare patches.
[Impact]
ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome)
[Test Case]
git clone https://github.com/redpig/seccomp.git
cd seccomp/tests
make
./seccomp_bpf_tests
All tests should pass
[Regression Potential]
Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions
