mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

seccomp: prefer SCMP_ACT_KILL_PROCESS if available

Browse Source 
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
action (https://github.com/seccomp/libseccomp/issues/96).

SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
offending process, rather than having the SIGSYS handler running.

Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still
prefer SCMP_ACT_TRAP.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
This commit is contained in:
Marc-André Lureau 2018-08-22 19:02:48 +02:00 committed by Eduardo Otubo
parent 6f2231e9b0
commit bda08a5764
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
qemu-seccomp.c
View File

@ -20,6 +20,7 @@
#include <sys/prctl.h> #include <sys/prctl.h>
#include <seccomp.h> #include <seccomp.h>
#include "sysemu/seccomp.h" #include "sysemu/seccomp.h"
#include <linux/seccomp.h>
/* For some architectures (notably ARM) cacheflush is not supported until /* For some architectures (notably ARM) cacheflush is not supported until
* libseccomp 2.2.3, but configure enforces that we are using a more recent * libseccomp 2.2.3, but configure enforces that we are using a more recent
@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = {
{ SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
}; };
static inline __attribute__((unused)) int
qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
{
#ifdef __NR_seccomp
return syscall(__NR_seccomp, operation, flags, args);
#else
errno = ENOSYS;
return -1;
#endif
}
static uint32_t qemu_seccomp_get_kill_action(void)
{
#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
defined(SECCOMP_RET_KILL_PROCESS)
{
uint32_t action = SECCOMP_RET_KILL_PROCESS;
if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
return SCMP_ACT_KILL_PROCESS;
}
}
#endif
return SCMP_ACT_TRAP;
}
static int seccomp_start(uint32_t seccomp_opts) static int seccomp_start(uint32_t seccomp_opts)
{ {
int rc = 0; int rc = 0;
unsigned int i = 0; unsigned int i = 0;
scmp_filter_ctx ctx; scmp_filter_ctx ctx;
uint32_t action = qemu_seccomp_get_kill_action();
ctx = seccomp_init(SCMP_ACT_ALLOW); ctx = seccomp_init(SCMP_ACT_ALLOW);
if (ctx == NULL) { if (ctx == NULL) {
@ -125,7 +154,7 @@ static int seccomp_start(uint32_t seccomp_opts)
continue; continue;
} }
rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num, rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
blacklist[i].narg, blacklist[i].arg_cmp); blacklist[i].narg, blacklist[i].arg_cmp);
if (rc < 0) { if (rc < 0) {
goto seccomp_return; goto seccomp_return;