mirror-linux/include/uapi/linux
Giuseppe Scrivano 582f1fb6b7
fs, close_range: add flag CLOSE_RANGE_CLOEXEC
When the flag CLOSE_RANGE_CLOEXEC is set, close_range doesn't
immediately close the files but it sets the close-on-exec bit.

It is useful for e.g. container runtimes that usually install a
seccomp profile "as late as possible" before execv'ing the container
process itself.  The container runtime could either do:
  1                                  2
- install_seccomp_profile();       - close_range(MIN_FD, MAX_INT, 0);
- close_range(MIN_FD, MAX_INT, 0); - install_seccomp_profile();
- execve(...);                     - execve(...);

Both alternatives have some disadvantages.

In the first variant the seccomp_profile cannot block the close_range
syscall, as well as opendir/read/close/... for the fallback on older
kernels.
In the second variant, close_range() can be used only on the fds
that are not going to be needed by the runtime anymore, and it must be
potentially called multiple times to account for the different ranges
that must be closed.

Using close_range(..., ..., CLOSE_RANGE_CLOEXEC) solves these issues.
The runtime is able to use the existing open fds, the seccomp profile
can block close_range() and the syscalls used for its fallback.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Link: https://lore.kernel.org/r/20201118104746.873084-2-gscrivan@redhat.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-12-04 12:06:15 +01:00
android android: binder.h: drop a duplicated word 2020-07-23 09:35:36 +02:00
byteorder
caif net: caif: drop duplicate words in comments 2020-07-15 20:34:11 -07:00
can can: isotp: implement cleanups / improvements from review 2020-10-12 10:06:08 +02:00
cifs
dvb
genwqe
hdlc
hsi
iio iio: add IIO_MOD_O2 modifier 2020-08-22 10:53:12 +01:00
isdn
mmc
netfilter netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements 2020-10-15 11:45:19 -07:00
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6
nfsd
raid raid: md_p.h: drop duplicated word in a comment 2020-07-21 22:05:32 -07:00
sched
spi spi: uapi: spidev: Use TABs for alignment 2020-06-15 16:03:38 +01:00
sunrpc
tc_act net/sched: act_mpls: Add action to push MPLS LSE before Ethernet header 2020-10-03 17:28:45 -07:00
tc_ematch
usb include/: replace HTTP links with HTTPS ones 2020-08-12 10:57:59 -07:00
wimax
a.out.h
acct.h
adb.h
adfs_fs.h
affs_hardblocks.h
agpgart.h
aio_abi.h
am437x-vpfe.h
apm_bios.h
arcfb.h
arm_sdei.h
aspeed-lpc-ctrl.h
aspeed-p2a-ctrl.h
atalk.h
atm.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_tcp.h
atm_zatm.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmioc.h atm: Replace HTTP links with HTTPS ones 2020-07-13 17:01:44 -07:00
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
audit.h audit: report audit wait metric in audit status reply 2020-07-21 11:21:44 -04:00
auto_dev-ioctl.h autofs: fix doubled word 2020-08-12 10:58:00 -07:00
auto_fs.h
auto_fs4.h
auxvec.h
ax25.h
batadv_packet.h batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
batman_adv.h batman-adv: Introduce a configurable per interface hop penalty 2020-06-26 10:37:11 +02:00
baycom.h
bcache.h bcache: add bucket_size_hi into struct cache_sb_disk for large bucket 2020-07-25 07:38:21 -06:00
bcm933xx_hcs.h
bfs_fs.h
binfmts.h
blkpg.h
blktrace_api.h
blkzoned.h block: fix uapi blkzoned.h comments 2020-10-09 12:47:02 -06:00
bpf.h bpf: Fix bpf_redirect_neigh helper api to support supplying nexthop 2020-10-22 01:28:54 +02:00
bpf_common.h
bpf_perf_event.h
bpfilter.h
bpqether.h
bsg.h
bt-bmc.h
btf.h
btrfs.h btrfs: add metadata_uuid to FS_INFO ioctl 2020-07-27 12:55:43 +02:00
btrfs_tree.h btrfs: tree-checker: fix false alert caused by legacy btrfs root item 2020-10-07 12:13:23 +02:00
can.h
capability.h block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE 2020-09-01 19:38:33 -06:00
capi.h
cciss_defs.h
cciss_ioctl.h
cdrom.h block: scsi_ioctl: Avoid the use of one-element arrays 2020-10-02 17:58:52 -06:00
cec-funcs.h
cec.h
cgroupstats.h
chio.h
close_range.h fs, close_range: add flag CLOSE_RANGE_CLOEXEC 2020-12-04 12:06:15 +01:00
cm4000_cs.h
cn_proc.h
coda.h
coff.h
connector.h
const.h
coresight-stm.h coresight: stm: Support marked packet 2020-09-17 18:46:04 +02:00
cramfs_fs.h
cryptouser.h
cuda.h
cyclades.h
cycx_cfm.h
dcbnl.h
dccp.h
devlink.h devlink: Fix reload stats structure 2020-11-24 13:04:04 -08:00
dlm.h
dlm_device.h
dlm_netlink.h
dlm_plock.h
dlmconstants.h
dm-ioctl.h dm: export dm_copy_name_and_uuid 2020-10-01 15:03:40 -04:00
dm-log-userspace.h
dma-buf.h
dma-heap.h
dn.h
dns_resolver.h
dqblk_xfs.h quota: Expand comment describing d_itimer 2020-09-10 09:10:06 +02:00
edd.h
efs_fs_sb.h
elf-em.h
elf-fdpic.h
elf.h arm64: mte: ptrace: Add NT_ARM_TAGGED_ADDR_CTRL regset 2020-09-04 12:46:07 +01:00
errno.h
errqueue.h icmp: support rfc 4884 2020-07-19 19:20:22 -07:00
erspan.h
ethtool.h ethtool: Add 100base-FX link mode entries 2020-09-19 16:54:35 -07:00
ethtool_netlink.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-22 16:45:34 -07:00
eventpoll.h
fadvise.h
falloc.h
fanotify.h fanotify: add support for FAN_REPORT_NAME 2020-07-27 23:24:00 +02:00
fb.h drm/fb-helper: Fix vt restore 2020-06-24 21:34:11 +02:00
fcntl.h
fd.h
fdreg.h
fib_rules.h
fiemap.h A lot of bug fixes and cleanups for ext4, including: 2020-06-05 16:19:28 -07:00
filter.h
firewire-cdev.h
firewire-constants.h
fou.h
fpga-dfl.h fpga: dfl: afu: add AFU interrupt support 2020-07-06 21:37:08 -07:00
fs.h
fscrypt.h fscrypt: make "#define fscrypt_policy" user-only 2020-09-22 06:48:44 -07:00
fsi.h
fsl_hypervisor.h
fsmap.h
fsverity.h
fuse.h fuse: add submount support to <uapi/linux/fuse.h> 2020-09-18 15:17:40 +02:00
futex.h
gameport.h
gen_stats.h
genetlink.h genetlink: allow dumping command-specific policy 2020-10-03 14:18:29 -07:00
gfs2_ondisk.h gfs2: Keep track of deleted inode generations in LVBs 2020-06-05 20:19:20 +02:00
gpio.h gpio: uapi: clarify the meaning of 'empty' char arrays 2020-10-28 15:46:47 +01:00
gsmmux.h
gtp.h gtp: add notification mechanism 2020-08-27 08:01:47 -07:00
hash_info.h
hdlc.h
hdlcdrv.h
hdreg.h
hid.h
hiddev.h
hidraw.h
hpet.h
hsr_netlink.h hsr: enhance netlink socket interface to support PRP 2020-07-27 12:20:40 -07:00
hw_breakpoint.h
hyperv.h hyperv: hyperv.h: drop a duplicated word 2020-07-23 17:55:20 +00:00
i2c-dev.h
i2c.h
i2o-dev.h
i8k.h
icmp.h icmp: support rfc 4884 2020-07-19 19:20:22 -07:00
icmpv6.h ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition 2020-10-31 13:16:02 -07:00
idxd.h Merge branch 'for-linus' into fixes 2020-08-05 19:02:07 +05:30
if.h
if_addr.h
if_addrlabel.h
if_alg.h crypto: af_alg - add extra parameters for DRBG interface 2020-09-25 17:48:52 +10:00
if_arcnet.h
if_arp.h
if_bonding.h
if_bridge.h net: bridge: mcast: add support for blocked port groups 2020-09-23 13:24:34 -07:00
if_cablemodem.h
if_eql.h
if_ether.h
if_fc.h
if_fddi.h
if_frad.h
if_hippi.h
if_infiniband.h
if_link.h net: remove comments on struct rtnl_link_stats 2020-09-17 17:58:13 -07:00
if_ltalk.h
if_macsec.h
if_packet.h
if_phonet.h
if_plip.h
if_ppp.h
if_pppol2tp.h l2tp: remove tunnel and session debug flags field 2020-08-22 12:44:37 -07:00
if_pppox.h
if_slip.h
if_team.h
if_tun.h
if_tunnel.h
if_vlan.h
if_x25.h
if_xdp.h xsk: Add new statistics 2020-07-13 15:32:56 -07:00
ife.h
igmp.h
ila.h
in.h net: Fix some comments 2020-08-27 07:55:59 -07:00
in6.h icmp6: support rfc 4884 2020-07-24 17:12:41 -07:00
in_route.h
inet_diag.h ip: expose inet sockopts through inet_diag 2020-09-03 15:17:28 -07:00
inotify.h
input-event-codes.h Input: allocate keycode for Fn + right shift 2020-09-08 16:31:14 -07:00
input.h
io_uring.h io_uring: provide IORING_ENTER_SQ_WAIT for SQPOLL SQ ring waits 2020-09-30 20:32:33 -06:00
ioctl.h
iommu.h iommu/vt-d: Check UAPI data processed by IOMMU core 2020-10-01 14:52:46 +02:00
ip.h
ip6_tunnel.h
ip_vs.h
ipc.h
ipmi.h
ipmi_bmc.h
ipmi_msgdefs.h ipmi:msghandler: retry to get device id on an error 2020-09-15 09:57:45 -05:00
ipsec.h
ipv6.h
ipv6_route.h
ipx.h
irqnr.h
iso_fs.h
isst_if.h platform/x86: ISST: drop a duplicated word in isst_if.h 2020-07-27 16:34:12 +03:00
ivtv.h
ivtvfb.h
jffs2.h
joystick.h
kcm.h
kcmp.h
kcov.h
kd.h
kdev_t.h
kernel-page-flags.h
kernel.h
kernelcapi.h
kexec.h
keyboard.h
keyctl.h
kfd_ioctl.h include/uapi/linux: Fix indentation in kfd_smi_event enum 2020-08-31 14:40:29 -04:00
kvm.h kvm: x86: only provide PV features if enabled in guest's CPUID 2020-10-21 17:36:32 -04:00
kvm_para.h
l2tp.h l2tp: report rx cookie discards in netlink get 2020-09-29 13:26:36 -07:00
libc-compat.h
lightnvm.h
limits.h
lirc.h
llc.h
loop.h
lp.h
lwtunnel.h
magic.h
major.h
map_to_7segment.h include/: replace HTTP links with HTTPS ones 2020-08-12 10:57:59 -07:00
matroxfb.h
max2175.h
mdio.h net: phy: add USXGMII link partner ability constants 2020-07-19 18:05:49 -07:00
media-bus-format.h
media.h
mei.h mei: add connect with vtag ioctl 2020-08-18 15:44:44 +02:00
membarrier.h rseq/membarrier: Add MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ 2020-09-25 14:23:27 +02:00
memfd.h
mempolicy.h
meye.h
mii.h
minix_fs.h
mman.h powerpc/8xx: Support 16k hugepages with 4k pages 2020-09-15 22:13:31 +10:00
mmtimer.h
module.h
mount.h Add a "nosymfollow" mount option. 2020-08-27 16:06:47 -04:00
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: add MPTCP socket diag interface 2020-07-09 12:38:41 -07:00
mqueue.h
mroute.h ipmr: Add high byte of VIF ID to igmpmsg 2020-09-10 12:25:51 -07:00
mroute6.h
mrp_bridge.h bridge: uapi: mrp: Extend MRP attributes for MRP interconnect 2020-07-14 13:46:42 -07:00
msdos_fs.h
msg.h
mtio.h
n_r3964.h
nbd-netlink.h
nbd.h
ncsi.h
ndctl.h ACPI: NFIT: Define runtime firmware activation commands 2020-07-25 19:34:47 -06:00
neighbour.h net: bridge: add a flag to avoid refreshing fdb when changing/adding 2020-06-24 14:36:33 -07:00
net.h
net_dropmon.h
net_namespace.h
net_tstamp.h
netconf.h
netdevice.h
netfilter.h netfilter: restore NF_INET_NUMHOOKS 2020-10-14 20:28:05 -07:00
netfilter_arp.h
netfilter_bridge.h
netfilter_decnet.h
netfilter_ipv4.h
netfilter_ipv6.h
netlink.h netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
netlink_diag.h
netrom.h
nexthop.h
nfc.h
nfs.h
nfs2.h
nfs3.h
nfs4.h NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag 2020-10-16 09:28:43 -04:00
nfs4_mount.h
nfs_fs.h NFSv4.2: add client side xattr caching. 2020-07-13 17:52:46 -04:00
nfs_idmap.h
nfs_mount.h
nfsacl.h NFSACL: Replace PROC() macro with open code 2020-10-02 09:37:41 -04:00
nilfs2_api.h
nilfs2_ondisk.h
nitro_enclaves.h nitro_enclaves: Add ioctl interface definition 2020-09-22 13:58:40 +02:00
nl80211.h nl80211: extend support to config spatial reuse parameter set 2020-09-28 15:07:41 +02:00
nsfs.h
nubus.h
nvme_ioctl.h
nvram.h
omap3isp.h
omapfb.h
oom.h
openat2.h
openvswitch.h net: openvswitch: fix TTL decrement action netlink message format 2020-11-27 11:03:06 -08:00
packet_diag.h
param.h
parport.h
patchkey.h
pci.h
pci_regs.h Merge branch 'remotes/lorenzo/pci/dwc' 2020-10-21 09:58:39 -05:00
pcitest.h
perf_event.h perf: correct SNOOPX field offset 2020-10-19 19:39:22 +02:00
personality.h
pfkeyv2.h
pg.h
phantom.h
phonet.h
pidfd.h pidfd: support PIDFD_NONBLOCK in pidfd_open() 2020-09-04 12:34:50 +02:00
pkt_cls.h net/sched: cls_flower: Add hash info to flow classification 2020-07-24 15:23:31 -07:00
pkt_sched.h net: sched: sch_red: Add qevents "early_drop" and "mark" 2020-06-29 17:08:28 -07:00
pktcdvd.h
pmu.h
poll.h
posix_acl.h
posix_acl_xattr.h
posix_types.h
ppdev.h
ppp-comp.h
ppp-ioctl.h
ppp_defs.h
pps.h
pr.h
prctl.h arm64: mte: Allow user control of the generated random tags via prctl() 2020-09-04 12:46:07 +01:00
psample.h
psci.h
psp-sev.h
ptp_clock.h ptp: introduce a phase offset in the periodic output request 2020-07-19 19:22:56 -07:00
ptrace.h
qemu_fw_cfg.h
qnx4_fs.h
qnxtypes.h
qrtr.h
quota.h
radeonfb.h
random.h
raw.h char: raw: do not leak CONFIG_MAX_RAW_DEVS to userspace 2020-07-10 14:50:51 +02:00
rds.h rds: transport module should be auto loaded when transport is set 2020-06-25 16:26:25 -07:00
reboot.h
reiserfs_fs.h
reiserfs_xattr.h
remoteproc_cdev.h remoteproc: Add remoteproc character device interface 2020-08-04 20:16:37 -07:00
resource.h
rfkill.h
rio_cm_cdev.h
rio_mport_cdev.h
romfs_fs.h
rose.h
route.h
rpl.h
rpl_iptunnel.h
rpmsg.h
rseq.h
rtc.h
rtnetlink.h bridge: Extend br_fill_ifinfo to return MPR status 2020-07-02 14:19:15 -07:00
rxrpc.h rxrpc: Fix accept on a connection that need securing 2020-10-05 16:35:57 +01:00
scc.h
sched.h
scif_ioctl.h
screen_info.h
sctp.h
sdla.h
seccomp.h seccomp: Introduce addfd ioctl to seccomp user notifier 2020-07-14 16:29:42 -07:00
securebits.h
sed-opal.h
seg6.h
seg6_genl.h
seg6_hmac.h
seg6_iptunnel.h seg6_iptunnel: Refactor seg6_lwt_headroom out of uapi header 2020-08-03 17:57:40 -07:00
seg6_local.h
selinux_netlink.h
sem.h
serial.h
serial_core.h serial: Remove duplicated macro definition of port type 2020-07-06 14:06:08 +02:00
serial_reg.h
serio.h
shm.h
signal.h
signalfd.h
smc.h
smc_diag.h
smiapp.h
snmp.h tcp: skip DSACKs with dubious sequence ranges 2020-09-24 20:15:45 -07:00
sock_diag.h
socket.h
sockios.h
sonet.h
sonypi.h
sound.h
soundcard.h
stat.h New code for 5.8: 2020-06-02 19:45:12 -07:00
stddef.h
stm.h
string.h
suspend_ioctls.h
swab.h
switchtec_ioctl.h
sync_file.h
synclink.h
sysctl.h
sysinfo.h
target_core_user.h scsi: target: tcmu: Implement tmr_notify callback 2020-07-28 22:25:30 -04:00
taskstats.h
tcp.h tcp: add earliest departure time to SCM_TIMESTAMPING_OPT_STATS 2020-07-31 17:00:44 -07:00
tcp_metrics.h
tee.h driver: tee: Handle NULL pointer indication from client 2020-08-21 08:55:13 +02:00
termios.h
thermal.h thermal: core: genetlink support for events/cmd/sampling 2020-07-07 15:55:21 +02:00
time.h
time_types.h
timerfd.h
times.h
timex.h
tiocl.h
tipc.h tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
tipc_config.h
tipc_netlink.h tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
tipc_sockets_diag.h
tls.h
toshiba.h
tty.h
tty_flags.h
types.h include/: replace HTTP links with HTTPS ones 2020-08-12 10:57:59 -07:00
udf_fs_i.h
udmabuf.h
udp.h
uhid.h
uinput.h
uio.h
uleds.h
ultrasound.h
um_timetravel.h
un.h
unistd.h
unix_diag.h
usbdevice_fs.h
usbip.h
userfaultfd.h
userio.h
utime.h
utsname.h
uuid.h
uvcvideo.h
v4l2-common.h
v4l2-controls.h media: v4l2-ctrl: Add VP9 codec levels 2020-09-14 15:39:42 +02:00
v4l2-dv-timings.h
v4l2-mediabus.h media: v4l2: extend the CSC API to subdevice. 2020-09-26 10:22:29 +02:00
v4l2-subdev.h media: v4l2: extend the CSC API to subdevice. 2020-09-26 10:22:29 +02:00
vbox_err.h
vbox_vmmdev_types.h virt: vbox: Add a few new vmmdev request types to the userspace whitelist 2020-07-10 13:45:32 +02:00
vboxguest.h virt: vbox: Add support for the new VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES ioctl 2020-07-10 13:45:32 +02:00
veth.h
vfio.h Merge branches 'v5.10/vfio/fsl-mc-v6' and 'v5.10/vfio/zpci-info-v3' into v5.10/vfio/next 2020-10-12 11:41:02 -06:00
vfio_ccw.h vfio-ccw: Introduce a new CRW region 2020-06-03 11:27:43 +02:00
vfio_zdev.h vfio: Introduce capability definitions for VFIO_DEVICE_GET_INFO 2020-10-07 14:23:44 -06:00
vhost.h vhost: vdpa: report iova range 2020-10-23 11:55:28 -04:00
vhost_types.h vhost: vdpa: report iova range 2020-10-23 11:55:28 -04:00
videodev2.h Linux 5.9-rc7 2020-10-04 12:19:12 +02:00
virtio_9p.h virtio_9p: correct tags for config space fields 2020-08-05 09:30:19 -04:00
virtio_balloon.h virtio_balloon: correct tags for config space fields 2020-08-05 09:30:20 -04:00
virtio_blk.h virtio_blk: correct tags for config space fields 2020-08-05 11:08:39 -04:00
virtio_config.h virtio: VIRTIO_F_IOMMU_PLATFORM -> VIRTIO_F_ACCESS_PLATFORM 2020-08-03 16:11:42 -04:00
virtio_console.h virtio_console: correct tags for config space fields 2020-08-05 11:08:39 -04:00
virtio_crypto.h virtio_crypto: correct tags for config space fields 2020-08-05 11:08:39 -04:00
virtio_fs.h virtiofs: set up virtio_fs dax_device 2020-09-10 11:39:22 +02:00
virtio_gpu.h Linux 5.9-rc1 2020-08-18 14:14:25 +02:00
virtio_ids.h virtio-mem: Paravirtualized memory hotplug 2020-06-04 15:36:52 -04:00
virtio_input.h virtio_input: correct tags for config space fields 2020-08-05 11:08:40 -04:00
virtio_iommu.h virtio_iommu: correct tags for config space fields 2020-08-05 11:08:40 -04:00
virtio_mem.h virtio_mem: correct tags for config space fields 2020-08-05 11:08:40 -04:00
virtio_mmio.h virtio: Implement get_shm_region for MMIO transport 2020-09-10 10:05:58 +02:00
virtio_net.h virtio_net: use LE accessors for speed/duplex 2020-08-05 11:08:41 -04:00
virtio_pci.h virtio: Implement get_shm_region for PCI transport 2020-09-10 10:05:58 +02:00
virtio_pmem.h virtio_pmem: correct tags for config space fields 2020-08-05 11:08:40 -04:00
virtio_ring.h
virtio_rng.h
virtio_scsi.h virtio_scsi: correct tags for config space fields 2020-08-05 11:08:40 -04:00
virtio_types.h
virtio_vsock.h
vm_sockets.h
vm_sockets_diag.h
vmcore.h
vsockmon.h
vt.h
vtpm_proxy.h
wait.h
watch_queue.h
watchdog.h
wimax.h
wireguard.h
wireless.h net/wireless: wireless.h: drop duplicate word in comments 2020-07-31 09:24:23 +02:00
wmi.h
x25.h
xattr.h ext4: support xattr gnu.* namespace for the Hurd 2020-06-12 13:23:34 -04:00
xdp_diag.h xsk: Add xdp statistics to xsk_diag 2020-07-13 15:32:56 -07:00
xfrm.h xfrm: introduce oseq-may-wrap flag 2020-06-24 07:51:01 +02:00
xilinx-v4l2-controls.h
zorro.h
zorro_ids.h