111 lines
3.5 KiB
Diff
111 lines
3.5 KiB
Diff
From 80574fd1c226ca5c8555b3bb37bc3fe121bbf69f Mon Sep 17 00:00:00 2001
|
|
From: Eduardo Otubo <otubo@redhat.com>
|
|
Date: Fri, 28 Sep 2018 07:56:37 +0100
|
|
Subject: seccomp: prefer SCMP_ACT_KILL_PROCESS if available
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
|
Message-id: <20180928075639.16746-4-otubo@redhat.com>
|
|
Patchwork-id: 82315
|
|
O-Subject: [RHEL-8 qemu-kvm PATCH 3/5] seccomp: prefer SCMP_ACT_KILL_PROCESS if available
|
|
Bugzilla: 1618356
|
|
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
|
|
|
From: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
|
commit bda08a5764d470f101fa38635d30b41179a313e1
|
|
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Date: Wed Aug 22 19:02:48 2018 +0200
|
|
|
|
seccomp: prefer SCMP_ACT_KILL_PROCESS if available
|
|
|
|
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
|
|
action (https://github.com/seccomp/libseccomp/issues/96).
|
|
|
|
SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
|
|
offending process, rather than having the SIGSYS handler running.
|
|
|
|
Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
|
|
as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still
|
|
prefer SCMP_ACT_TRAP.
|
|
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
Acked-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
|
Signed-off-by: Eduardo Otubo <otubo@rehdat.com>
|
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
---
|
|
qemu-seccomp.c | 31 ++++++++++++++++++++++++++++++-
|
|
1 file changed, 30 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
|
|
index b117a92..f0c833f 100644
|
|
--- a/qemu-seccomp.c
|
|
+++ b/qemu-seccomp.c
|
|
@@ -20,6 +20,7 @@
|
|
#include <sys/prctl.h>
|
|
#include <seccomp.h>
|
|
#include "sysemu/seccomp.h"
|
|
+#include <linux/seccomp.h>
|
|
|
|
/* For some architectures (notably ARM) cacheflush is not supported until
|
|
* libseccomp 2.2.3, but configure enforces that we are using a more recent
|
|
@@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = {
|
|
{ SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
|
|
};
|
|
|
|
+static inline __attribute__((unused)) int
|
|
+qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
|
|
+{
|
|
+#ifdef __NR_seccomp
|
|
+ return syscall(__NR_seccomp, operation, flags, args);
|
|
+#else
|
|
+ errno = ENOSYS;
|
|
+ return -1;
|
|
+#endif
|
|
+}
|
|
+
|
|
+static uint32_t qemu_seccomp_get_kill_action(void)
|
|
+{
|
|
+#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
|
|
+ defined(SECCOMP_RET_KILL_PROCESS)
|
|
+ {
|
|
+ uint32_t action = SECCOMP_RET_KILL_PROCESS;
|
|
+
|
|
+ if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
|
|
+ return SCMP_ACT_KILL_PROCESS;
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ return SCMP_ACT_TRAP;
|
|
+}
|
|
+
|
|
|
|
static int seccomp_start(uint32_t seccomp_opts)
|
|
{
|
|
int rc = 0;
|
|
unsigned int i = 0;
|
|
scmp_filter_ctx ctx;
|
|
+ uint32_t action = qemu_seccomp_get_kill_action();
|
|
|
|
ctx = seccomp_init(SCMP_ACT_ALLOW);
|
|
if (ctx == NULL) {
|
|
@@ -125,7 +154,7 @@ static int seccomp_start(uint32_t seccomp_opts)
|
|
continue;
|
|
}
|
|
|
|
- rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num,
|
|
+ rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
|
|
blacklist[i].narg, blacklist[i].arg_cmp);
|
|
if (rc < 0) {
|
|
goto seccomp_return;
|
|
--
|
|
1.8.3.1
|
|
|