/*
 * QEMU seccomp mode 2 support with libseccomp
 *
 * Copyright IBM, Corp. 2012
 *
 * Authors:
 *  Eduardo Otubo    <eotubo@br.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2. See
 * the COPYING file in the top-level directory.
 *
 * Contributions after 2012-01-13 are licensed under the terms of the
 * GNU GPL, version 2 or (at your option) any later version.
 */
d38ea87a | 15 | #include "qemu/osdep.h" |
2f668be7 | 16 | #include <seccomp.h> |
9c17d615 | 17 | #include "sysemu/seccomp.h" |
2f668be7 | 18 | |
/* For some architectures (notably ARM) cacheflush is not supported until
 * libseccomp 2.2.3, but configure enforces that we are using a more recent
 * version on those hosts, so it is OK for this check to be less strict.
 *
 * NOTE(review): HAVE_CACHEFLUSH is defined here but is not referenced
 * anywhere else in this file (the deny list below has no cacheflush entry),
 * so the version check currently has no effect on the installed filter.
 */
#if SCMP_VER_MAJOR >= 3
#define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
#define HAVE_CACHEFLUSH
#endif
28 | ||
/* One entry of the syscall deny list (see blacklist[] below). */
struct QemuSeccompSyscall {
    int32_t num;    /* syscall number, as produced by SCMP_SYS() */
    uint8_t set;    /* QEMU_SECCOMP_SET_* tag; not defined in this file,
                     * presumably from sysemu/seccomp.h.  Not consulted by
                     * seccomp_start(), which installs every entry. */
};
33 | ||
/*
 * Syscalls denied to the QEMU process.  Each entry pairs a syscall number
 * (via SCMP_SYS()) with a QEMU_SECCOMP_SET_* tag; every entry currently
 * belongs to the default set.  Anything not listed here is allowed, because
 * seccomp_start() builds the filter with SCMP_ACT_ALLOW as the default.
 */
static const struct QemuSeccompSyscall blacklist[] = {
    /* default set of syscalls to blacklist */
    { .num = SCMP_SYS(reboot),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(swapon),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(swapoff),     .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(syslog),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(mount),       .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(umount),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(kexec_load),  .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(afs_syscall), .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(break),       .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(ftime),       .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(getpmsg),     .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(gtty),        .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(lock),        .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(mpx),         .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(prof),        .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(profil),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(putpmsg),     .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(security),    .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(stty),        .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(tuxcall),     .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(ulimit),      .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(vserver),     .set = QEMU_SECCOMP_SET_DEFAULT },
};
59 | ||
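/*
 * Build and install the seccomp filter for this process.
 *
 * The filter context is created with SCMP_ACT_ALLOW as its default action,
 * so this is a deny list: every syscall is permitted unless it appears in
 * blacklist[], in which case the matching rule applies SCMP_ACT_KILL.  The
 * .set tag of each table entry is not consulted; every entry is installed.
 *
 * NOTE(review): libseccomp documents SCMP_ACT_KILL as killing the calling
 * thread rather than the whole process; in a multi-threaded process a
 * violating thread dies while the others continue.  Newer libseccomp
 * releases provide SCMP_ACT_KILL_PROCESS for whole-process termination.
 *
 * Returns 0 on success.  Returns -1 if the filter context could not be
 * created, otherwise the negative value reported by seccomp_rule_add() or
 * seccomp_load().
 */
int seccomp_start(void)
{
    scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
    int rc;

    if (ctx == NULL) {
        /* No context was created, so there is nothing to release. */
        return -1;
    }

    for (size_t i = 0; i < ARRAY_SIZE(blacklist); i++) {
        rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
        if (rc < 0) {
            goto out;
        }
    }

    /* Hand the complete rule set to the kernel. */
    rc = seccomp_load(ctx);

out:
    /* The context is only a build-time object; the kernel keeps its own copy. */
    seccomp_release(ctx);
    return rc;
}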