linux/Documentation
Vincent Bernat d59577b6ff sk-filter: Add ability to lock a socket filter program
While a privileged program can open a raw socket, attach some
restrictive filter and drop its privileges (or send the socket to an
unprivileged program through some Unix socket), the filter can still
be removed or modified by the unprivileged program. This commit adds a
socket option to lock the filter (SO_LOCK_FILTER) preventing any
modification of a socket filter program.

This is similar to the OpenBSD BIOCLOCK ioctl on bpf sockets, except even
root is not allowed to change/drop the filter.

The state of the lock can be read with getsockopt(). No error is
triggered if the state is not changed. -EPERM is returned when a user
tries to remove the lock or to change/remove the filter while the lock
is active. The check is done directly in sk_attach_filter() and
sk_detach_filter() and does not affect only the setsockopt() syscall.

Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-17 03:21:25 -05:00
..
ABI Merge branch 'akpm' (Andrew's patch-bomb) 2012-12-20 20:00:43 -08:00
DocBook Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
EDID
PCI Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
RCU Merge branches 'urgent.2012.10.27a', 'doc.2012.11.16a', 'fixes.2012.11.13a', 'srcu.2012.10.27a', 'stall.2012.11.13a', 'tracing.2012.11.08a' and 'idle.2012.10.24a' into HEAD 2012-11-16 09:59:58 -08:00
accounting doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c 2012-11-26 14:22:21 +01:00
acpi Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
aoe aoe: allow user to disable target failure timeout 2012-12-17 17:15:25 -08:00
arm fbdev changes for 3.8: 2012-12-15 13:03:48 -08:00
arm64 Documentation: Fixes a word in Documentation/arm64/memory.txt 2012-11-29 16:33:18 +00:00
auxdisplay
backlight drivers/video/backlight/lp855x_bl.c: use generic PWM functions 2012-12-17 17:15:16 -08:00
blackfin
block block: Kill bi_destructor 2012-09-09 10:35:39 +02:00
blockdev
bus-devices ARM: OMAP2+: gpmc: generic timing calculation 2012-11-09 18:07:11 +05:30
cdrom
cgroups kmem: add slab-specific documentation about the kmem controller 2012-12-18 15:02:15 -08:00
connector connector: Move cn_test.c away from NLMSG_PUT(). 2012-06-26 21:19:02 -07:00
console
cpu-freq acpi-cpufreq: Add support for disabling dynamic overclocking 2012-09-09 22:05:12 +02:00
cpuidle Honor state disabling in the cpuidle ladder governor 2012-09-04 01:35:44 +02:00
cris
crypto KEYS: Document asymmetric key type 2012-10-08 13:50:12 +10:30
development-process
device-mapper DM RAID: Add rebuild capability for RAID10 2012-10-11 13:40:24 +11:00
devicetree ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
driver-model pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
dvb get_dvb_firmware: fix download site for tda10046 firmware 2012-09-28 16:16:00 -03:00
early-userspace
extcon
fault-injection doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
fb
filesystems Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-12-20 18:14:31 -08:00
firmware_class firmware loader: document firmware cache mechanism 2012-11-14 15:07:18 -08:00
frv
hid doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
hwmon hwmon: (it87) Report thermal sensor type as Intel PECI if appropriate 2012-12-19 22:17:02 +01:00
i2c Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
i2o
ia64 doc: aliasing-test: close fd on write error 2012-09-01 09:57:10 -07:00
ide
infiniband IB/ipoib: Add rtnl_link_ops support 2012-09-20 16:49:17 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-12-13 12:00:48 -08:00
ioctl ioctl-number.txt: Remove legacy private ioctl's from media drivers 2012-08-14 00:07:39 -03:00
isdn
ja_JP
kbuild Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
kdump kexec: update URL of kexec homepage 2012-07-18 18:35:57 -07:00
ko_KR
laptops Documentation: fix the VM knobs descritpion WRT pdflush 2012-08-04 12:15:09 +04:00
leds leds-lp5523: add channel name in the platform data 2012-09-11 18:32:41 +08:00
m68k
make
memory-devices
mips
misc-devices doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
mmc mmc: core: Extend sysfs to ext_csd parameters for RPMB support 2012-12-06 13:54:48 -05:00
mn10300
mtd
namespaces
netlabel
networking sk-filter: Add ability to lock a socket filter program 2013-01-17 03:21:25 -05:00
nfc NFC: Error management documentation 2012-07-09 16:42:11 -04:00
parisc
pcmcia
power PM: Move disabling/enabling runtime PM to late suspend/early resume 2013-01-06 00:35:55 +01:00
powerpc powerpc/hw-breakpoint: Use generic hw-breakpoint interfaces for new PPC ptrace flags 2012-11-15 13:00:23 +11:00
pps
prctl seccomp: Make syscall skipping and nr changes more consistent 2012-10-02 21:14:29 +10:00
pti
ptp
rapidio
s390
scheduler sched: Remove __ARCH_WANT_INTERRUPTS_ON_CTXSW 2012-09-13 16:52:04 +02:00
scsi [SCSI] hptiop: Support HighPoint RR4520/RR4522 HBA 2012-11-27 08:59:43 +04:00
security Documentation: fix Documentation/security/00-INDEX 2012-12-17 17:15:22 -08:00
serial firmware: remove computone driver firmware and documentation 2012-08-16 12:31:18 -07:00
sh
sound ALSA: usb-audio: Deprecate async_unlink option 2012-11-21 11:37:40 +01:00
spi Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
sysctl Documentation/sysctl/kernel.txt: document /proc/sys/shmall 2013-01-04 16:11:46 -08:00
target target: Simplify fabric sense data length handling 2012-09-17 17:12:58 -07:00
thermal Thermal: Add documentation for platform layer data 2012-11-05 14:00:09 +08:00
timers
trace doc: fix old config name of kprobetrace 2012-09-27 12:11:29 +02:00
usb USB: report submission of active URBs 2012-11-11 18:10:46 -08:00
vDSO
video4linux Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
virtual KVM: PPC: booke: Get/set guest EPCR register using ONE_REG interface 2012-12-06 01:34:20 +01:00
vm Merge branch 'akpm' (Andrew's patch-bomb) 2012-12-13 13:11:15 -08:00
w1 1-Wire: Add support for the maxim ds1825 temperature sensor 2012-08-16 12:33:59 -07:00
watchdog watchdog: fix watchdog-test.c build warning 2012-08-29 17:12:58 +02:00
wimax
x86 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-19 12:56:42 -08:00
xtensa xtensa: initialize atomctl SR 2012-12-18 21:10:22 -08:00
zh_CN Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
.gitignore
00-INDEX Documentation: remove reference to feature-removal-schedule.txt 2012-12-17 17:15:12 -08:00
BUG-HUNTING
Changes
CodingStyle CodingStyle: add networking specific block comment style 2012-10-06 03:04:59 +09:00
DMA-API-HOWTO.txt Documentation DMA-API-HOWTO.txt Add dma mapping error check usage examples 2012-10-24 17:07:43 +02:00
DMA-API.txt dma-debug: New interfaces to debug dma mapping errors 2012-10-24 17:06:43 +02:00
DMA-ISA-LPC.txt
DMA-attributes.txt common: DMA-mapping: add DMA_ATTR_FORCE_CONTIGUOUS attribute 2012-11-29 03:30:34 -08:00
HOWTO HOWTO: fix double words typo 2012-12-10 15:54:27 +01:00
IPMI.txt IPMI: Remove SMBus driver info from the docs 2012-10-16 18:07:12 -07:00
IRQ-affinity.txt
IRQ-domain.txt irqdomain: update documentation 2012-12-05 23:52:10 +00:00
IRQ.txt
Intel-IOMMU.txt
Makefile
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
SAK.txt
SM501.txt
SecurityBugs
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: suggested the use of scripts/get_maintainer.pl 2012-05-25 16:18:30 +02:00
VGA-softcursor.txt
applying-patches.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
circular-buffers.txt
clk.txt
coccinelle.txt
cpu-hotplug.txt doc: Add x86 CPU0 online/offline feature 2012-11-14 09:39:44 -08:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt firmware: remove last vestiges of dabusb 2012-11-21 13:03:01 -08:00
digsig.txt
dma-buf-sharing.txt doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
dmaengine.txt
dontdiff x86: remove offsets.h from .gitignore and dontdiff 2012-11-19 14:10:53 +01:00
dynamic-debug-howto.txt
edac.txt Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
highuid.txt
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt Documentation/initrd.txt: Change the location of util-linux 2012-05-25 16:18:34 +02:00
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt Kernel-doc: Convention: Use a "Return" section to describe return values 2012-11-27 21:08:57 +01:00
kernel-docs.txt
kernel-parameters.txt Documentation: kernel-parameters.txt remove capability.disable 2012-12-20 17:40:19 -08:00
kmemcheck.txt
kmemleak.txt
kobject.txt Documentation: Fix "struct kobj_type" to include newer members. 2012-09-04 16:06:34 -07:00
kprobes.txt
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt
md.txt
media-framework.txt [media] media: Add link_validate() op to check links to the sink pad 2012-05-14 08:44:11 -03:00
memory-barriers.txt Documentation: Fix memory-barriers.txt example 2012-10-23 14:44:46 -07:00
memory-hotplug.txt hotplug: update nodemasks management 2012-12-12 17:38:33 -08:00
mono.txt
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt percpu-rw-semaphore: fix documentation typos 2012-09-26 19:56:15 +02:00
pi-futex.txt
pinctrl.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt lib/vsprintf: update documentation to cover all of %p[Mm][FR] 2012-10-06 03:04:50 +09:00
pwm.txt pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
ramoops.txt pstore/ftrace: Convert to its own enable/disable debugfs knob 2012-09-06 22:16:58 -07:00
rbtree.txt rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
remoteproc.txt remoteproc: add rproc_report_crash function to notify rproc crashes 2012-09-18 12:53:22 +03:00
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rt-mutex-design.txt
rt-mutex.txt
rtc.txt rtc-proc: permit the /proc/driver/rtc device to use other devices 2012-10-06 03:05:01 +09:00
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
smsc_ece1099.txt mfd: smsc: Add support for smsc gpio io/keypad driver 2012-10-01 15:27:48 +02:00
sparse.txt Documentation/sparse.txt: document context annotations for lock checking 2012-12-17 17:15:23 -08:00
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable: Allow merging of backports for serious user-visible performance issues 2012-06-25 12:11:58 -07:00
static-keys.txt
svga.txt
sysfs-rules.txt
sysrq.txt sparc64: Add global PMU register dumping via sysrq. 2012-10-16 09:34:01 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt vfio: Trivial Documentation correction 2012-09-21 10:48:03 -06:00
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt workqueue: reimplement WQ_HIGHPRI using a separate worker_pool 2012-07-13 22:24:45 -07:00
xz.txt
zorro.txt