pull-seccomp-20180823
-----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJbfsi1AAoJEN8y58Dw//miAfEH/2XIpp5S6IiHkxrFU16YE7Qn 8oHuVKAk6kz6yRbRotW50Ok6SQRQX6dWIAxrAaLB2RfevuMPQs42o43JtdV3ldk1 sNnrTDQCN75tbaQ1HedP7EEq7SRqk3A36s7SsljdPTcBmN9PAHgvYwTd/tbozbiD qZ+LZGCe+PYbu9lBEJ3UXXZu2Y4Wr/vAVl8D6kD5NPLkS8++4HzcHRyYrTMbkV5T Hh8aFIEncg7m9skCPlqGdgaReDDPWEkbk2vM7tw2bfPuAGJlzF+nV2q1hLBeI1eu zwH/BkWfOrnYodQzVMblqq+rh1+HIQkmZpjwEfEWy5k497ntiy4y+/hAJLjiFMM= =IygU -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180823' into staging pull-seccomp-20180823 # gpg: Signature made Thu 23 Aug 2018 15:46:13 BST # gpg: using RSA key DF32E7C0F0FFF9A2 # gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>" # Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2 * remotes/otubo/tags/pull-seccomp-20180823: seccomp: set the seccomp filter to all threads configure: require libseccomp 2.2.0 seccomp: prefer SCMP_ACT_KILL_PROCESS if available seccomp: use SIGSYS signal instead of killing the thread Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit
235c82acca
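--- a/[path-not-shown-on-page: configure script]
+++ b/[path-not-shown-on-page: configure script]
@@ -2228,13 +2228,10 @@ fi
 ##########################################
 # libseccomp check
 
+libseccomp_minver="2.2.0"
 if test "$seccomp" != "no" ; then
 case "$cpu" in
-i386|x86_64)
-libseccomp_minver="2.1.0"
-;;
-mips)
-libseccomp_minver="2.2.0"
+i386|x86_64|mips)
 ;;
 arm|aarch64)
 libseccomp_minver="2.2.3"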
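--- a/[path-not-shown-on-page: seccomp source file]
+++ b/[path-not-shown-on-page: seccomp source file]
@@ -20,6 +20,7 @@
 #include <sys/prctl.h>
 #include <seccomp.h>
 #include "sysemu/seccomp.h"
+#include <linux/seccomp.h>
 
 /* For some architectures (notably ARM) cacheflush is not supported until
 * libseccomp 2.2.3, but configure enforces that we are using a more recent
@@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = {
 { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
 };
 
+static inline __attribute__((unused)) int
+qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+#ifdef __NR_seccomp
+return syscall(__NR_seccomp, operation, flags, args);
+#else
+errno = ENOSYS;
+return -1;
+#endif
+}
+
+static uint32_t qemu_seccomp_get_kill_action(void)
+{
+#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
+defined(SECCOMP_RET_KILL_PROCESS)
+{
+uint32_t action = SECCOMP_RET_KILL_PROCESS;
+
+if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
+return SCMP_ACT_KILL_PROCESS;
+}
+}
+#endif
+
+return SCMP_ACT_TRAP;
+}
+
 
 static int seccomp_start(uint32_t seccomp_opts)
 {
 int rc = 0;
 unsigned int i = 0;
 scmp_filter_ctx ctx;
+uint32_t action = qemu_seccomp_get_kill_action();
 
 ctx = seccomp_init(SCMP_ACT_ALLOW);
 if (ctx == NULL) {
@@ -120,12 +149,17 @@ static int seccomp_start(uint32_t seccomp_opts)
 goto seccomp_return;
 }
 
+rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+if (rc != 0) {
+goto seccomp_return;
+}
+
 for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
 if (!(seccomp_opts & blacklist[i].set)) {
 continue;
 }
 
-rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,
+rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
 blacklist[i].narg, blacklist[i].arg_cmp);
 if (rc < 0) {
 goto seccomp_return;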
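Review bot: `qemu_seccomp_get_kill_action()` in the second hunk carries no comment on the precedence it implements, so the closing `return SCMP_ACT_TRAP;` reads like an arbitrary default rather than the deliberate fallback the merge log describes (prefer SCMP_ACT_KILL_PROCESS if available; use SIGSYS instead of killing the thread). A short header comment would make that explicit, e.g. `/* Use SCMP_ACT_KILL_PROCESS when the running kernel advertises it via SECCOMP_GET_ACTION_AVAIL; otherwise fall back to SCMP_ACT_TRAP, whose SIGSYS (assuming it is left at its default disposition) ends the whole process instead of just the offending thread. */`. In the third hunk the new TSYNC check is written `if (rc != 0)` while the adjacent `seccomp_rule_add_array` check uses `if (rc < 0)`; writing `if (rc < 0) {` there keeps the error-handling form uniform within the function. seccomp_start's body continues outside the hunk, so the `seccomp_return` cleanup both checks jump to is not visible here.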