Re: [Qemu-devel] [PATCH 2/2] RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS
From: Eduardo Otubo
Subject: Re: [Qemu-devel] [PATCH 2/2] RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available
Date: Wed, 25 Jul 2018 12:42:36 +0200
User-agent: Mutt/1.8.3+47 (5f034395e53d) (2017-05-23)

On 20/07/2018 - 17:44:25, Marc-André Lureau wrote:
> The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
> action (https://github.com/seccomp/libseccomp/issues/96).
>
> SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
> offending process, rather than having the SIGSYS handler running.
>
> Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
> as libseccomp will fall back on SCMP_ACT_KILL otherwise, and we still
> prefer SCMP_ACT_TRAP.
>
> Signed-off-by: Marc-André Lureau <address@hidden>
> ---
> qemu-seccomp.c | 30 +++++++++++++++++++++++++++++-
> 1 file changed, 29 insertions(+), 1 deletion(-)
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index b117a92559..505887d5af 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -20,6 +20,7 @@
> #include <sys/prctl.h>
> #include <seccomp.h>
> #include "sysemu/seccomp.h"
> +#include <linux/seccomp.h>
>
> /* For some architectures (notably ARM) cacheflush is not supported until
> * libseccomp 2.2.3, but configure enforces that we are using a more recent
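Review bot: the new `#include <linux/seccomp.h>` supplies the SECCOMP_* constants, but nothing in the visible include list provides `__NR_seccomp`, which the later `#ifdef __NR_seccomp` depends on. If that macro is not defined by the time qemu_seccomp() is compiled, the wrapper silently becomes `return -1;` and the SCMP_ACT_KILL_PROCESS path is never taken, with no build error to flag it. Consider adding `#include <sys/syscall.h>` explicitly here, and placing the system header with the other system includes, above "sysemu/seccomp.h".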
> @@ -107,12 +108,39 @@ static const struct QemuSeccompSyscall blacklist[] = {
> { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
> };
>
> +static inline int
> +qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
> +{
> +#ifdef __NR_seccomp
> + return syscall(__NR_seccomp, operation, flags, args);
> +#else
> + return -1;
> +#endif
> +}
> +
> +static uint32_t qemu_seccomp_get_kill_action(void)
> +{
> +#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
> + defined(SECCOMP_RET_KILL_PROCESS)
> + {
> + uint32_t action = SECCOMP_RET_KILL_PROCESS;
> +
> + if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
> + return SCMP_ACT_KILL_PROCESS;
> + }
> + }
> +#endif
> +
> + return SCMP_ACT_TRAP;
> +}
> +
>
> static int seccomp_start(uint32_t seccomp_opts)
> {
> int rc = 0;
> unsigned int i = 0;
> scmp_filter_ctx ctx;
> + uint32_t action = qemu_seccomp_get_kill_action();
>
> ctx = seccomp_init(SCMP_ACT_ALLOW);
> if (ctx == NULL) {
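Review bot: qemu_seccomp_get_kill_action() has no comment explaining why it probes the kernel itself and falls back to SCMP_ACT_TRAP; that rationale (libseccomp would otherwise degrade to SCMP_ACT_KILL) exists only in the commit message and should sit above the function. Two smaller points in the same hunk: the `#else` branch of qemu_seccomp() returns -1 without setting errno, so setting `errno = ENOSYS` there would keep it consistent with a failed syscall(); and the blank line added after the function's closing brace leaves two consecutive blank lines before seccomp_start().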
> @@ -125,7 +153,7 @@ static int seccomp_start(uint32_t seccomp_opts)
> continue;
> }
>
> - rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num,
> + rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
> blacklist[i].narg, blacklist[i].arg_cmp);
> if (rc < 0) {
> goto seccomp_return;
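Review bot: at the seccomp_rule_add_array() call the argument name `action` does not say which action it is, and the same name is used inside qemu_seccomp_get_kill_action() for a SECCOMP_RET_* value while here it holds an SCMP_ACT_* value. Renaming the local in seccomp_start() to something like `kill_action` would make the call site self-explanatory and avoid mixing the two constant namespaces under one name.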
> --
> 2.18.0.232.gb7bd9486b0
>
Acked-by: Eduardo Otubo <address@hidden>
--
Eduardo Otubo