Commit | Line | Data |
---|---|---|
53e83913 WB |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com> | |
3 | Date: Wed, 22 Aug 2018 19:02:47 +0200 | |
4 | Subject: [PATCH] seccomp: use SIGSYS signal instead of killing the thread | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | The seccomp action SCMP_ACT_KILL results in immediate termination of | |
10 | the thread that made the bad system call. However, qemu being | |
11 | multi-threaded, it keeps running. There is no easy way for parent | |
12 | process / management layer (libvirt) to know about that situation. | |
13 | ||
14 | Instead, the default SIGSYS handler when invoked with SCMP_ACT_TRAP | |
15 | will terminate the program and core dump. | |
16 | ||
17 | This may not be the most secure solution, but probably better than | |
18 | just killing the offending thread. SCMP_ACT_KILL_PROCESS has been | |
19 | added in Linux 4.14 to improve the situation, which I propose to use | |
20 | by default if available in the next patch. | |
21 | ||
22 | Related to: | |
23 | https://bugzilla.redhat.com/show_bug.cgi?id=1594456 | |
24 | ||
25 | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> | |
26 | Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> | |
27 | Acked-by: Eduardo Otubo <otubo@redhat.com> | |
28 | --- | |
29 | qemu-seccomp.c | 2 +- | |
30 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
31 | ||
32 | diff --git a/qemu-seccomp.c b/qemu-seccomp.c | |
33 | index 9cd8eb9499..b117a92559 100644 | |
34 | --- a/qemu-seccomp.c | |
35 | +++ b/qemu-seccomp.c | |
36 | @@ -125,7 +125,7 @@ static int seccomp_start(uint32_t seccomp_opts) | |
37 | continue; | |
38 | } | |
39 | ||
40 | - rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num, | |
41 | + rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num, | |
42 | blacklist[i].narg, blacklist[i].arg_cmp); | |
43 | if (rc < 0) { | |
44 | goto seccomp_return; | |
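Review bot: the switch at `rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num,` only delivers the whole-process termination and core dump the commit message relies on while SIGSYS keeps its default disposition; if QEMU or any library it links installs a SIGSYS handler, a blocked system call becomes a caught signal and the offending thread keeps running, which is exactly the silent-failure case the message says libvirt cannot detect. Suggest a short comment next to the rule recording that assumption (and that SCMP_ACT_KILL_PROCESS is the intended replacement where the kernel supports it), and a check that no SIGSYS handler is registered before seccomp_start() installs the filter.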
45 | -- | |
46 | 2.11.0 | |