On Tue, 2012-06-05 at 14:23 -0700, Kees Cook wrote: > Hi Ben, > > On Tue, Jun 05, 2012 at 08:43:21PM +0100, Ben Hutchings wrote: > > On Tue, 2012-06-05 at 11:07 -0700, Kees Cook wrote: > > > Package: wnpp > > > Severity: wishlist > > > Owner: Kees Cook <k...@debian.org> > > > > > > * Package name : libseccomp > > > Version : 0.1.0 > > > Upstream Author : Paul Moore <pmo...@redhat.com> > > > * URL : https://sourceforge.net/projects/libseccomp/ > > > * License : LGPLv2 > > > Programming Lang: C > > > Description : High level interface to the Linux Kernel's seccomp > > > filter > > > > > > This library provides a high level interface to constructing, analyzing > > > and installing seccomp filters via a BPF passed to the Linux Kernel's > > > prctl() syscall. > > > > So are you going to help us with backporting this to Linux 3.2 > > (bug #675615) or is this supposed to be post-wheezy? > > The 3.2 backport can be lifted from the Ubuntu kernel[1], but libseccomp > can build regardless of kernel support.
Sorry, yes that's what I meant.
> I just want to make sure it gets
> into the archive in time for projects to start linking against it.
>
> -Kees
>
> [1] git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git
> 8f3bc80 UBUNTU: SAUCE: SECCOMP: adjust prctl constant
> 426ae7e UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations
> 5125a0c UBUNTU: SAUCE: SECCOMP: Documentation: prctl/seccomp_filter
> 9fe7d2f UBUNTU: SAUCE: SECCOMP: x86: Enable HAVE_ARCH_SECCOMP_FILTER
> f90be55 UBUNTU: SAUCE: SECCOMP: ptrace,seccomp: Add PTRACE_SECCOMP support
> d9157b0 UBUNTU: SAUCE: SECCOMP: seccomp: Add SECCOMP_RET_TRAP
> 815c5af UBUNTU: SAUCE: SECCOMP: signal, x86: add SIGSYS info and make it
> synchronous.
> 7ad6853 UBUNTU: SAUCE: SECCOMP: seccomp: add SECCOMP_RET_ERRNO
> f9fbf9f UBUNTU: SAUCE: SECCOMP: seccomp: remove duplicated failure logging
> 7846755 UBUNTU: SAUCE: SECCOMP: seccomp: add system call filtering using BPF
> 289c05b UBUNTU: SAUCE: SECCOMP: asm/syscall.h: add syscall_get_arch
> 177ef2e UBUNTU: SAUCE: SECCOMP: arch/x86: add syscall_get_arch to syscall.h
> a115718 UBUNTU: SAUCE: SECCOMP: seccomp: kill the seccomp_t typedef
> e35e75b UBUNTU: SAUCE: SECCOMP: net/compat.c,linux/filter.h: share
> compat_sock_fprog
> f60cccd UBUNTU: SAUCE: SECCOMP: sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
> 8370a7f UBUNTU: SAUCE: SECCOMP: Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS
> be4b587 UBUNTU: SAUCE: SECCOMP: Add PR_{GET,SET}_NO_NEW_PRIVS to prevent
> execve from granting privs
>
> And then enable CONFIG_SECCOMP_FILTER for x86 arches.
Thanks.
Ben.
--
Ben Hutchings
It is easier to write an incorrect program than to understand a correct one.
signature.asc
Description: This is a digitally signed message part
