02 Nov, 2017

1 commit

• b24413180   License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Browse Code »

  Many source files in the tree are missing licensing information, which
  makes it harder for compliance tools to determine the correct license.

  By default all files without license information are under the default
  license of the kernel, which is GPL version 2.

  Update the files which contain no license information with the 'GPL-2.0'
  SPDX license identifier. The SPDX identifier is a legally binding
  shorthand, which can be used instead of the full boiler plate text.

  This patch is based on work done by Thomas Gleixner and Kate Stewart and
  Philippe Ombredanne.

  How this work was done:

  Patches were generated and checked against linux-4.14-rc6 for a subset of
  the use cases:
  - file had no licensing information it it.
  - file was a */uapi/* one with no licensing information in it,
  - file was a */uapi/* one with existing licensing information,

  Further patches will be generated in subsequent months to fix up cases
  where non-standard license headers were used, and references to license
  had to be inferred by heuristics based on keywords.

  The analysis to determine which SPDX License Identifier to be applied to
  a file was done in a spreadsheet of side by side results from of the
  output of two independent scanners (ScanCode & Windriver) producing SPDX
  tag:value files created by Philippe Ombredanne. Philippe prepared the
  base worksheet, and did an initial spot review of a few 1000 files.

  The 4.13 kernel was the starting point of the analysis with 60,537 files
  assessed. Kate Stewart did a file by file comparison of the scanner
  results in the spreadsheet to determine which SPDX license identifier(s)
  to be applied to the file. She confirmed any determination that was not
  immediately clear with lawyers working with the Linux Foundation.

  Criteria used to select files for SPDX license identifier tagging was:
  - Files considered eligible had to be source code files.
  - Make and config files were included as candidates if they contained >5
  lines of source
  - File already had some variant of a license header in it (even if
  Reviewed-by: Philippe Ombredanne
  Reviewed-by: Thomas Gleixner
  Signed-off-by: Greg Kroah-Hartman

  Greg Kroah-Hartman

  2017-11-02 18:10:55 +0800  

01 Nov, 2016

1 commit

• 1ff120504   samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper ... Browse Code »

  Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable
  seccomp. This allows samples/seccomp/dropper to be run without
  CAP_SYS_ADMIN.

  Signed-off-by: Ricky Zhou
  Signed-off-by: Kees Cook

  Ricky Zhou

  2016-11-01 23:58:10 +0800  

14 Apr, 2012

1 commit

• 8ac270d1e   Documentation: prctl/seccomp_filter ... Browse Code »

  Documents how system call filtering using Berkeley Packet
  Filter programs works and how it may be used.
  Includes an example for x86 and a semi-generic
  example using a macro-based code generator.

  Acked-by: Eric Paris
  Signed-off-by: Will Drewry
  Acked-by: Kees Cook

  v18: - added acked by
  - update no new privs numbers
  v17: - remove @compat note and add Pitfalls section for arch checking
  (keescook@chromium.org)
  v16: -
  v15: -
  v14: - rebase/nochanges
  v13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc
  v12: - comment on the ptrace_event use
  - update arch support comment
  - note the behavior of SECCOMP_RET_DATA when there are multiple filters
  (keescook@chromium.org)
  - lots of samples/ clean up incl 64-bit bpf-direct support
  (markus@chromium.org)
  - rebase to linux-next
  v11: - overhaul return value language, updates (keescook@chromium.org)
  - comment on do_exit(SIGSYS)
  v10: - update for SIGSYS
  - update for new seccomp_data layout
  - update for ptrace option use
  v9: - updated bpf-direct.c for SIGILL
  v8: - add PR_SET_NO_NEW_PRIVS to the samples.
  v7: - updated for all the new stuff in v7: TRAP, TRACE
  - only talk about PR_SET_SECCOMP now
  - fixed bad JLE32 check (coreyb@linux.vnet.ibm.com)
  - adds dropper.c: a simple system call disabler
  v6: - tweak the language to note the requirement of
  PR_SET_NO_NEW_PRIVS being called prior to use. (luto@mit.edu)
  v5: - update sample to use system call arguments
  - adds a "fancy" example using a macro-based generator
  - cleaned up bpf in the sample
  - update docs to mention arguments
  - fix prctl value (eparis@redhat.com)
  - language cleanup (rdunlap@xenotime.net)
  v4: - update for no_new_privs use
  - minor tweaks
  v3: - call out BPF Berkeley Packet Filter (rdunlap@xenotime.net)
  - document use of tentative always-unprivileged
  - guard sample compilation for i386 and x86_64
  v2: - move code to samples (corbet@lwn.net)
  Signed-off-by: James Morris

  Will Drewry

  2012-04-14 09:13:22 +0800