seccomp: Configurable separator for the actions_logged string (beb44aca) · Commits · 戴 / test

The function that converts a bitmask of seccomp actions that are allowed to be logged is currently only used for constructing the display string for the kernel.seccomp.actions_logged sysctl. That string wants a space character to be used for the separator between actions. A future patch will make use of the same function for building a string that will be sent to the audit subsystem for tracking modifications to the kernel.seccomp.actions_logged sysctl. That string will need to use a comma as a separator. This patch allows the separator character to be configurable to meet both needs. Signed-off-by:

Tyler Hicks <tyhicks@canonical.com> Acked-by:

Kees Cook <keescook@chromium.org> Signed-off-by:

Paul Moore <paul@paul-moore.com>

kernel/seccomp.c

+7 −6

Original line number	Diff line number	Diff line
		@@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = {
		};

		static bool seccomp_names_from_actions_logged(char *names, size_t size,
		u32 actions_logged)
		u32 actions_logged,
		const char *sep)
		{
		const struct seccomp_log_name *cur;
		bool append_space = false;
		bool append_sep = false;

		for (cur = seccomp_log_names; cur->name && size; cur++) {
		ssize_t ret;
		@@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size,
		if (!(actions_logged & cur->log))
		continue;

		if (append_space) {
		ret = strscpy(names, " ", size);
		if (append_sep) {
		ret = strscpy(names, sep, size);
		if (ret < 0)
		return false;

		names += ret;
		size -= ret;
		} else
		append_space = true;
		append_sep = true;

		ret = strscpy(names, cur->name, size);
		if (ret < 0)
		@@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table ro_table, void __user buffer,
		memset(names, 0, sizeof(names));

		if (!seccomp_names_from_actions_logged(names, sizeof(names),
		seccomp_actions_logged))
		seccomp_actions_logged, " "))
		return -EINVAL;

		table = *ro_table;

Admin message