qemu-devel

Re: [Qemu-devel] [PATCH 2/2] RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS


From: Eduardo Otubo
Subject: Re: [Qemu-devel] [PATCH 2/2] RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available
Date: Wed, 25 Jul 2018 12:42:36 +0200
User-agent: Mutt/1.8.3+47 (5f034395e53d) (2017-05-23)

On 20/07/2018 - 17:44:25, Marc-André Lureau wrote:
> The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
> action (https://github.com/seccomp/libseccomp/issues/96).
> 
> SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
> offending process, rather than having the SIGSYS handler running.
> 
> Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
> as libseccomp will fall back on SCMP_ACT_KILL otherwise, and we still
> prefer SCMP_ACT_TRAP.
> 
> Signed-off-by: Marc-André Lureau <address@hidden>
> ---
>  qemu-seccomp.c | 30 +++++++++++++++++++++++++++++-
>  1 file changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index b117a92559..505887d5af 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -20,6 +20,7 @@
>  #include <sys/prctl.h>
>  #include <seccomp.h>
>  #include "sysemu/seccomp.h"
> +#include <linux/seccomp.h>
>  
>  /* For some architectures (notably ARM) cacheflush is not supported until
>   * libseccomp 2.2.3, but configure enforces that we are using a more recent
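Review bot: the new `#include <linux/seccomp.h>` lands after the project header `"sysemu/seccomp.h"`, separating it from the other system headers in this hunk (`<sys/prctl.h>`, `<seccomp.h>`); move it up beside `<seccomp.h>` so system headers stay grouped ahead of QEMU's own. A one-line comment saying the header is only needed for the `SECCOMP_GET_ACTION_AVAIL` and `SECCOMP_RET_KILL_PROCESS` definitions that the later hunk guards on would also help, since the build must still succeed with kernel headers that lack them.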
> @@ -107,12 +108,39 @@ static const struct QemuSeccompSyscall blacklist[] = {
>      { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
>  };
>  
> +static inline int
> +qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
> +{
> +#ifdef __NR_seccomp
> +    return syscall(__NR_seccomp, operation, flags, args);
> +#else
> +    return -1;
> +#endif
> +}
> +
> +static uint32_t qemu_seccomp_get_kill_action(void)
> +{
> +#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
> +    defined(SECCOMP_RET_KILL_PROCESS)
> +    {
> +        uint32_t action = SECCOMP_RET_KILL_PROCESS;
> +
> +        if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
> +            return SCMP_ACT_KILL_PROCESS;
> +        }
> +    }
> +#endif
> +
> +    return SCMP_ACT_TRAP;
> +}
> +
>  
>  static int seccomp_start(uint32_t seccomp_opts)
>  {
>      int rc = 0;
>      unsigned int i = 0;
>      scmp_filter_ctx ctx;
> +    uint32_t action = qemu_seccomp_get_kill_action();
>  
>      ctx = seccomp_init(SCMP_ACT_ALLOW);
>      if (ctx == NULL) {
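Review bot: `qemu_seccomp_get_kill_action()` carries no comment explaining why it probes the kernel with `SECCOMP_GET_ACTION_AVAIL` instead of simply handing `SCMP_ACT_KILL_PROCESS` to libseccomp; the reasoning from the commit message (libseccomp silently falls back to `SCMP_ACT_KILL`, and `SCMP_ACT_TRAP` is preferred over that) belongs above the function so the next reader does not drop the check as redundant. Also, the `#else` branch of `qemu_seccomp()` returns -1 without setting `errno`, so any caller that inspects it would read a stale value; setting `errno = ENOSYS` before the return mirrors what the libc wrapper would report. Minor: the added `+` blank line before `seccomp_start()` leaves two consecutive blank lines.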
> @@ -125,7 +153,7 @@ static int seccomp_start(uint32_t seccomp_opts)
>              continue;
>          }
>  
> -        rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num,
> +        rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
>                                      blacklist[i].narg, blacklist[i].arg_cmp);
>          if (rc < 0) {
>              goto seccomp_return;
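Review bot: once `action` resolves to `SCMP_ACT_KILL_PROCESS`, a blacklisted syscall terminates QEMU with no SIGSYS handler output, so the only evidence left is the kill signal; consider logging (at debug level) which action `seccomp_start()` selected, so an operator can tell from the log whether a dead instance was killed outright by the filter under the new action or trapped under the old one.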
> -- 
> 2.18.0.232.gb7bd9486b0
> 

Acked-by: Eduardo Otubo <address@hidden>

-- 
Eduardo Otubo
