pull-seccomp-20180823

-----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJbfsi1AAoJEN8y58Dw//miAfEH/2XIpp5S6IiHkxrFU16YE7Qn 8oHuVKAk6kz6yRbRotW50Ok6SQRQX6dWIAxrAaLB2RfevuMPQs42o43JtdV3ldk1 sNnrTDQCN75tbaQ1HedP7EEq7SRqk3A36s7SsljdPTcBmN9PAHgvYwTd/tbozbiD qZ+LZGCe+PYbu9lBEJ3UXXZu2Y4Wr/vAVl8D6kD5NPLkS8++4HzcHRyYrTMbkV5T Hh8aFIEncg7m9skCPlqGdgaReDDPWEkbk2vM7tw2bfPuAGJlzF+nV2q1hLBeI1eu zwH/BkWfOrnYodQzVMblqq+rh1+HIQkmZpjwEfEWy5k497ntiy4y+/hAJLjiFMM= =IygU -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180823' into staging pull-seccomp-20180823 # gpg: Signature made Thu 23 Aug 2018 15:46:13 BST # gpg: using RSA key DF32E7C0F0FFF9A2 # gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>" # Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2 * remotes/otubo/tags/pull-seccomp-20180823: seccomp: set the seccomp filter to all threads configure: require libseccomp 2.2.0 seccomp: prefer SCMP_ACT_KILL_PROCESS if available seccomp: use SIGSYS signal instead of killing the thread Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-25 13:08:57 +01:00 · 2018-08-25 13:08:57 +01:00 · 235c82acca
parent 17182bb47f 70dfabeaa7
commit 235c82acca
2 changed files with 37 additions and 6 deletions
--- a/7
+++ b/7
@ -2228,13 +2228,10 @@ fi
 ##########################################
 # libseccomp check

+libseccomp_minver="2.2.0"
 if test "$seccomp" != "no" ; then
    case "$cpu" in
-    i386|x86_64)
-        libseccomp_minver="2.1.0"
-        ;;
-    mips)
-        libseccomp_minver="2.2.0"
+    i386|x86_64|mips)
        ;;
    arm|aarch64)
        libseccomp_minver="2.2.3"
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@ -20,6 +20,7 @@
 #include <sys/prctl.h>
 #include <seccomp.h>
 #include "sysemu/seccomp.h"
+#include <linux/seccomp.h>

 /* For some architectures (notably ARM) cacheflush is not supported until
 * libseccomp 2.2.3, but configure enforces that we are using a more recent
@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = {
    { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
 };

+static inline __attribute__((unused)) int
+qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+#ifdef __NR_seccomp
+    return syscall(__NR_seccomp, operation, flags, args);
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+static uint32_t qemu_seccomp_get_kill_action(void)
+{
+#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
+    defined(SECCOMP_RET_KILL_PROCESS)
+    {
+        uint32_t action = SECCOMP_RET_KILL_PROCESS;
+
+        if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
+            return SCMP_ACT_KILL_PROCESS;
+        }
+    }
+#endif
+
+    return SCMP_ACT_TRAP;
+}
+

 static int seccomp_start(uint32_t seccomp_opts)
 {
    int rc = 0;
    unsigned int i = 0;
    scmp_filter_ctx ctx;
+    uint32_t action = qemu_seccomp_get_kill_action();

    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (ctx == NULL) {
@ -120,12 +149,17 @@ static int seccomp_start(uint32_t seccomp_opts)
        goto seccomp_return;
    }

+    rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+    if (rc != 0) {
+        goto seccomp_return;
+    }
+
    for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
        if (!(seccomp_opts & blacklist[i].set)) {
            continue;
        }

-        rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,
+        rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
                                    blacklist[i].narg, blacklist[i].arg_cmp);
        if (rc < 0) {
            goto seccomp_return;