author Will Drewry <wad@chromium.org> 2011-08-19 10:43:55 -0500
committer Andy Whitcroft <apw@canonical.com> 2012-01-05 12:16:32 +0000
commit b864813e043b1cef054989181fdebb8b8cc615cf (patch)
tree f704a71ea6cece18dba2710057d59ca62ea3c1b4 /security
parent 8074523827a0d501da81a699aab4837b78c27f9a (diff)
CHROMIUM: seccomp_filters: move to btrees
Many platforms that support seccomp do not export NR_syscalls AND do not have syscalls starting at 0. Both of these traits break assumptions that were made in the original code (and similar assumptions in some parts of CONFIG_FTRACE_SYSCALLS).

This change moves away from the custom lookup table data structure to using linux/btree.h. The integer space will likely be sparsely populated and lookups should be faster than an O(n) linked list when determining if a particular syscall is allowed.

Compat locking is still intact and use of a magic constant in lieu of an event_filter also persists.

Signed-off-by: Will Drewry <wad@chromium.org>
TEST=boots and tests pass. On x86 with ftrace and arm without.
BUG=chromium-os:14496
Change-Id: Idce48d7b9c9164a6d10c5febc6d271c21a71d218
Reviewed-on: http://gerrit.chromium.org/gerrit/6204
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- security/Kconfig 1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 34c5f08198d..da6fbe16986 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -91,6 +91,7 @@ config SECURITY_DMESG_RESTRICT
config SECCOMP_FILTER
bool "Enable seccomp-based system call filtering"
select SECCOMP
+ select BTREE
depends on HAVE_SECCOMP_FILTER && EXPERIMENTAL
help
This kernel feature expands CONFIG_SECCOMP to allow computing
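Review bot: the added `select BTREE` under `config SECCOMP_FILTER` forces BTREE on without evaluating any `depends on` that BTREE itself may carry, so please confirm BTREE has no dependencies that a platform with HAVE_SECCOMP_FILTER could fail to satisfy; otherwise the filter code can end up built against a configuration Kconfig would not normally allow. This view is limited to security/, so the code that actually includes linux/btree.h is not visible here, and the select should be checked against it to make sure nothing else it needs is missing from this entry.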