Tycho,
I hate myself, but I have another nit ;) again, it is not that I think
you should updtate the patch, just fyi...
On 06/05, Tycho Andersen wrote:
>
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -95,4 +95,14 @@ static inline void get_seccomp_filter(struct task_struct *tsk)
> return;
> }
> #endif /* CONFIG_SECCOMP_FILTER */
> +
> +#ifdef CONFIG_CHECKPOINT_RESTORE
> +extern bool may_suspend_seccomp(void);
> +#else
> +static inline bool may_suspend_seccomp(void)
> +{
> + return false;
> +}
> +#endif
This looks wrong. There is no "extern may_suspend_seccomp()" if
CONFIG_SECCOMP=n, kernel/seccomp.c is not compiled. So you need another
ifdef(CONFIG_SECCOMP).
At the same time this does not matter and you do not need the dummy
"inline" version at all:
> @@ -556,6 +557,15 @@ static int ptrace_setoptions(struct task_struct *child, unsigned long data)
> if (data & ~(unsigned long)PTRACE_O_MASK)
> return -EINVAL;
>
> + if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
> + if (!config_enabled(CONFIG_CHECKPOINT_RESTORE) ||
> + !config_enabled(CONFIG_SECCOMP))
> + return -EINVAL;
> +
> + if (!may_suspend_seccomp())
> + return -EPERM;
gcc will optimize out may_suspend_seccomp() unless both options are
enabled.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
