linux/Documentation
Vincent Bernat d59577b6ff sk-filter: Add ability to lock a socket filter program
While a privileged program can open a raw socket, attach some
restrictive filter and drop its privileges (or send the socket to an
unprivileged program through some Unix socket), the filter can still
be removed or modified by the unprivileged program. This commit adds a
socket option to lock the filter (SO_LOCK_FILTER) preventing any
modification of a socket filter program.

This is similar to OpenBSD BIOCLOCK ioctl on bpf sockets, except even
root is not allowed to change/drop the filter.

The state of the lock can be read with getsockopt(). No error is
triggered if the state is not changed. -EPERM is returned when a user
tries to remove the lock or to change/remove the filter while the lock
is active. The check is done directly in sk_attach_filter() and
sk_detach_filter() and does not affect only setsockopt() syscall.

Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-17 03:21:25 -05:00
..
ABI Merge branch 'akpm' (Andrew's patch-bomb) 2012-12-20 20:00:43 -08:00
accounting doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c 2012-11-26 14:22:21 +01:00
acpi Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
aoe aoe: allow user to disable target failure timeout 2012-12-17 17:15:25 -08:00
arm fbdev changes for 3.8: 2012-12-15 13:03:48 -08:00
arm64 Documentation: Fixes a word in Documentation/arm64/memory.txt 2012-11-29 16:33:18 +00:00
auxdisplay
backlight drivers/video/backlight/lp855x_bl.c: use generic PWM functions 2012-12-17 17:15:16 -08:00
blackfin Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
block block: Kill bi_destructor 2012-09-09 10:35:39 +02:00
blockdev Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
bus-devices ARM: OMAP2+: gpmc: generic timing calculation 2012-11-09 18:07:11 +05:30
cdrom
cgroups kmem: add slab-specific documentation about the kmem controller 2012-12-18 15:02:15 -08:00
connector connector: Move cn_test.c away from NLMSG_PUT(). 2012-06-26 21:19:02 -07:00
console
cpu-freq acpi-cpufreq: Add support for disabling dynamic overclocking 2012-09-09 22:05:12 +02:00
cpuidle Honor state disabling in the cpuidle ladder governor 2012-09-04 01:35:44 +02:00
cris CRIS: Update documentation 2012-04-03 13:09:18 +02:00
crypto KEYS: Document asymmetric key type 2012-10-08 13:50:12 +10:30
development-process Documentation: Update stable address 2011-12-12 14:14:31 -08:00
device-mapper DM RAID: Add rebuild capability for RAID10 2012-10-11 13:40:24 +11:00
devicetree ARM: arm-soc fixes for 3.8-rc 2013-01-08 18:53:56 -08:00
DocBook Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
driver-model pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
dvb get_dvb_firmware: fix download site for tda10046 firmware 2012-09-28 16:16:00 -03:00
early-userspace
EDID drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
extcon Documentation/extcon: porting guide for Android kernel switch driver. 2012-04-20 09:24:27 -07:00
fault-injection doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
fb Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
filesystems Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-12-20 18:14:31 -08:00
firmware_class firmware loader: document firmware cache mechanism 2012-11-14 15:07:18 -08:00
frv
hid doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
hwmon hwmon: (it87) Report thermal sensor type as Intel PECI if appropriate 2012-12-19 22:17:02 +01:00
i2c Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
i2o Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
ia64 doc: aliasing-test: close fd on write error 2012-09-01 09:57:10 -07:00
ide Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
infiniband IB/ipoib: Add rtnl_link_ops support 2012-09-20 16:49:17 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-12-13 12:00:48 -08:00
ioctl ioctl-number.txt: Remove legacy private ioctl's from media drivers 2012-08-14 00:07:39 -03:00
isdn Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ja_JP
kbuild Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
kdump kexec: update URL of kexec homepage 2012-07-18 18:35:57 -07:00
ko_KR driver-core: documentation: fix up Greg's email address 2012-02-15 14:48:01 -08:00
laptops Documentation: fix the VM knobs descritpion WRT pdflush 2012-08-04 12:15:09 +04:00
leds leds-lp5523: add channel name in the platform data 2012-09-11 18:32:41 +08:00
m68k
make
memory-devices memory: emif: add basic infrastructure for EMIF driver 2012-05-02 00:10:49 -07:00
mips
misc-devices doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
mmc mmc: core: Extend sysfs to ext_csd parameters for RPMB support 2012-12-06 13:54:48 -05:00
mn10300
mtd
namespaces
netlabel
networking sk-filter: Add ability to lock a socket filter program 2013-01-17 03:21:25 -05:00
nfc NFC: Error management documentation 2012-07-09 16:42:11 -04:00
parisc Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
PCI Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
pcmcia
power PM: Move disabling/enabling runtime PM to late suspend/early resume 2013-01-06 00:35:55 +01:00
powerpc powerpc/hw-breakpoint: Use generic hw-breakpoint interfaces for new PPC ptrace flags 2012-11-15 13:00:23 +11:00
pps
prctl seccomp: Make syscall skipping and nr changes more consistent 2012-10-02 21:14:29 +10:00
pti
ptp
rapidio
RCU Merge branches 'urgent.2012.10.27a', 'doc.2012.11.16a', 'fixes.2012.11.13a', 'srcu.2012.10.27a', 'stall.2012.11.13a', 'tracing.2012.11.08a' and 'idle.2012.10.24a' into HEAD 2012-11-16 09:59:58 -08:00
s390 Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
scheduler sched: Remove __ARCH_WANT_INTERRUPTS_ON_CTXSW 2012-09-13 16:52:04 +02:00
scsi [SCSI] hptiop: Support HighPoint RR4520/RR4522 HBA 2012-11-27 08:59:43 +04:00
security Documentation: fix Documentation/security/00-INDEX 2012-12-17 17:15:22 -08:00
serial firmware: remove computone driver firmware and documentation 2012-08-16 12:31:18 -07:00
sh
sound ALSA: usb-audio: Deprecate async_unlink option 2012-11-21 11:37:40 +01:00
spi Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
sysctl Documentation/sysctl/kernel.txt: document /proc/sys/shmall 2013-01-04 16:11:46 -08:00
target target: Simplify fabric sense data length handling 2012-09-17 17:12:58 -07:00
thermal Thermal: Add documentation for platform layer data 2012-11-05 14:00:09 +08:00
timers
trace doc: fix old config name of kprobetrace 2012-09-27 12:11:29 +02:00
usb USB: report submission of active URBs 2012-11-11 18:10:46 -08:00
vDSO
video4linux Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
virtual KVM: PPC: booke: Get/set guest EPCR register using ONE_REG interface 2012-12-06 01:34:20 +01:00
vm Merge branch 'akpm' (Andrew's patch-bomb) 2012-12-13 13:11:15 -08:00
w1 1-Wire: Add support for the maxim ds1825 temperature sensor 2012-08-16 12:33:59 -07:00
watchdog watchdog: fix watchdog-test.c build warning 2012-08-29 17:12:58 +02:00
wimax
x86 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-19 12:56:42 -08:00
xtensa xtensa: initialize atomctl SR 2012-12-18 21:10:22 -08:00
zh_CN Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
.gitignore
00-INDEX Documentation: remove reference to feature-removal-schedule.txt 2012-12-17 17:15:12 -08:00
applying-patches.txt
atomic_ops.txt doc: Add load/store guarantees to Documentation/atomic-ops.txt 2011-12-11 10:31:58 -08:00
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes
circular-buffers.txt
clk.txt Documentation: common clk API 2012-03-16 20:35:01 +00:00
coccinelle.txt coccinelle.txt: update documentation to include M= option 2012-01-14 22:25:56 +01:00
CodingStyle CodingStyle: add networking specific block comment style 2012-10-06 03:04:59 +09:00
cpu-hotplug.txt doc: Add x86 CPU0 online/offline feature 2012-11-14 09:39:44 -08:00
cpu-load.txt
cputopology.txt
crc32.txt crc32: move long comment about crc32 fundamentals to Documentation/ 2012-03-23 16:58:37 -07:00
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt firmware: remove last vestiges of dabusb 2012-11-21 13:03:01 -08:00
digsig.txt
DMA-API-HOWTO.txt Documentation DMA-API-HOWTO.txt Add dma mapping error check usage examples 2012-10-24 17:07:43 +02:00
DMA-API.txt dma-debug: New interfaces to debug dma mapping errors 2012-10-24 17:06:43 +02:00
DMA-attributes.txt common: DMA-mapping: add DMA_ATTR_FORCE_CONTIGUOUS attribute 2012-11-29 03:30:34 -08:00
dma-buf-sharing.txt doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
DMA-ISA-LPC.txt
dmaengine.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
dontdiff x86: remove offsets.h from .gitignore and dontdiff 2012-11-19 14:10:53 +01:00
dynamic-debug-howto.txt dynamic_debug: update Documentation/*, Kconfig.debug 2012-04-30 16:26:30 -04:00
edac.txt Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
highuid.txt
HOWTO HOWTO: fix double words typo 2012-12-10 15:54:27 +01:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt Documentation/initrd.txt: Change the location of util-linux 2012-05-25 16:18:34 +02:00
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt IPMI: Remove SMBus driver info from the docs 2012-10-16 18:07:12 -07:00
IRQ-affinity.txt
IRQ-domain.txt irqdomain: update documentation 2012-12-05 23:52:10 +00:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt Kernel-doc: Convention: Use a "Return" section to describe return values 2012-11-27 21:08:57 +01:00
kernel-docs.txt
kernel-parameters.txt Documentation: kernel-parameters.txt remove capability.disable 2012-12-20 17:40:19 -08:00
kmemcheck.txt
kmemleak.txt kmemleak: Handle percpu memory allocation 2011-12-02 16:12:42 +00:00
kobject.txt Documentation: Fix "struct kobj_type" to include newer members. 2012-09-04 16:06:34 -07:00
kprobes.txt
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt lockdep: Update documentation for lock-class leak detection 2011-12-11 10:31:23 -08:00
lockstat.txt
lockup-watchdogs.txt watchdog: Update documentation 2012-02-11 15:11:28 +01:00
logo.gif
logo.txt
magic-number.txt drivers/net: fix up stale paths from driver reorg 2012-01-30 12:54:40 -05:00
Makefile mei: move doc files Documentation/misc-devices/mei 2012-05-09 13:59:09 -07:00
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
md.txt md: create externally visible flags for supporting hot-replace. 2011-12-23 10:17:51 +11:00
media-framework.txt [media] media: Add link_validate() op to check links to the sink pad 2012-05-14 08:44:11 -03:00
memory-barriers.txt Documentation: Fix memory-barriers.txt example 2012-10-23 14:44:46 -07:00
memory-hotplug.txt hotplug: update nodemasks management 2012-12-12 17:38:33 -08:00
mono.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
mutex-design.txt
nommu-mmap.txt
numastat.txt Doc: Update numastat.txt 2012-02-28 16:05:06 +01:00
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
percpu-rw-semaphore.txt percpu-rw-semaphore: fix documentation typos 2012-09-26 19:56:15 +02:00
pi-futex.txt
pinctrl.txt gpiolib: provide provision to register pin ranges 2012-11-11 19:06:00 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt lib/vsprintf: update documentation to cover all of %p[Mm][FR] 2012-10-06 03:04:50 +09:00
pwm.txt pwm: add devm_pwm_get() and devm_pwm_put() 2012-09-10 17:05:45 +02:00
ramoops.txt pstore/ftrace: Convert to its own enable/disable debugfs knob 2012-09-06 22:16:58 -07:00
rbtree.txt rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
remoteproc.txt remoteproc: add rproc_report_crash function to notify rproc crashes 2012-09-18 12:53:22 +03:00
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rt-mutex-design.txt
rt-mutex.txt
rtc.txt rtc-proc: permit the /proc/driver/rtc device to use other devices 2012-10-06 03:05:01 +09:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
smsc_ece1099.txt mfd: smsc: Add support for smsc gpio io/keypad driver 2012-10-01 15:27:48 +02:00
sparse.txt Documentation/sparse.txt: document context annotations for lock checking 2012-12-17 17:15:23 -08:00
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable: Allow merging of backports for serious user-visible performance issues 2012-06-25 12:11:58 -07:00
static-keys.txt Documentation: Fix typo in multiple files in Documentation 2012-04-16 14:37:13 +02:00
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: suggested the use of scripts/get_maintainer.pl 2012-05-25 16:18:30 +02:00
svga.txt
sysfs-rules.txt
sysrq.txt sparc64: Add global PMU register dumping via sysrq. 2012-10-16 09:34:01 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt vfio: Trivial Documentation correction 2012-09-21 10:48:03 -06:00
VGA-softcursor.txt
vgaarbiter.txt misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
video-output.txt
vme_api.txt VME: Move API documentation to Documentation folder 2012-05-08 16:01:34 -07:00
volatile-considered-harmful.txt
workqueue.txt workqueue: reimplement WQ_HIGHPRI using a separate worker_pool 2012-07-13 22:24:45 -07:00
xz.txt
zorro.txt