[mirror_qemu.git] / qemu-seccomp.c

/*
 * QEMU seccomp mode 2 support with libseccomp
 *
 * Copyright IBM, Corp. 2012
 *
 * Authors:
 *  Eduardo Otubo    <eotubo@br.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2.  See
 * the COPYING file in the top-level directory.
 *
 * Contributions after 2012-01-13 are licensed under the terms of the
 * GNU GPL, version 2 or (at your option) any later version.
 */
#include "qemu/osdep.h"
#include <seccomp.h>
#include "sysemu/seccomp.h"

/* For some architectures (notably ARM) cacheflush is not supported until
 * libseccomp 2.2.3, but configure enforces that we are using a more recent
 * version on those hosts, so it is OK for this check to be less strict.
 */
#if SCMP_VER_MAJOR >= 3
  #define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
  #define HAVE_CACHEFLUSH
#endif

struct QemuSeccompSyscall {
    int32_t num;
    uint8_t set;
};

static const struct QemuSeccompSyscall blacklist[] = {
    /* default set of syscalls to blacklist */
    { SCMP_SYS(reboot),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(swapon),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(swapoff),                QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(syslog),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(mount),                  QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(umount),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(kexec_load),             QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(afs_syscall),            QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(break),                  QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(ftime),                  QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(getpmsg),                QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(gtty),                   QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(lock),                   QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(mpx),                    QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(prof),                   QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(profil),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(putpmsg),                QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(security),               QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(stty),                   QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(tuxcall),                QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(ulimit),                 QEMU_SECCOMP_SET_DEFAULT },
    { SCMP_SYS(vserver),                QEMU_SECCOMP_SET_DEFAULT },
};

int seccomp_start(void)
{
    int rc = 0;
    unsigned int i = 0;
    scmp_filter_ctx ctx;

    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (ctx == NULL) {
        rc = -1;
        goto seccomp_return;
    }

    for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
        rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
        if (rc < 0) {
            goto seccomp_return;
        }
    }

    rc = seccomp_load(ctx);

  seccomp_return:
    seccomp_release(ctx);
    return rc;
}
Commit	Line	Data
2f668be7 EO	1	/*
	2	* QEMU seccomp mode 2 support with libseccomp
	3	*
	4	* Copyright IBM, Corp. 2012
	5	*
	6	* Authors:
	7	* Eduardo Otubo <eotubo@br.ibm.com>
	8	*
	9	* This work is licensed under the terms of the GNU GPL, version 2. See
	10	* the COPYING file in the top-level directory.
	11	*
	12	* Contributions after 2012-01-13 are licensed under the terms of the
	13	* GNU GPL, version 2 or (at your option) any later version.
	14	*/
d38ea87a	15	#include "qemu/osdep.h"
2f668be7	16	#include <seccomp.h>
9c17d615	17	#include "sysemu/seccomp.h"
2f668be7	18
81bed73b JH	19	/* For some architectures (notably ARM) cacheflush is not supported until
	20	* libseccomp 2.2.3, but configure enforces that we are using a more recent
	21	* version on those hosts, so it is OK for this check to be less strict.
	22	*/
47d2067a AJ	23	#if SCMP_VER_MAJOR >= 3
47d2067a AJ	24	#define HAVE_CACHEFLUSH
81bed73b	25	#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
47d2067a AJ	26	#define HAVE_CACHEFLUSH
	27	#endif
	28
2f668be7 EO	29	struct QemuSeccompSyscall {
2f668be7 EO	30	int32_t num;
1bd6152a	31	uint8_t set;
2f668be7 EO	32	};
2f668be7 EO	33
1bd6152a EO	34	static const struct QemuSeccompSyscall blacklist[] = {
	35	/* default set of syscalls to blacklist */
	36	{ SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT },
	37	{ SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT },
	38	{ SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT },
	39	{ SCMP_SYS(syslog), QEMU_SECCOMP_SET_DEFAULT },
	40	{ SCMP_SYS(mount), QEMU_SECCOMP_SET_DEFAULT },
	41	{ SCMP_SYS(umount), QEMU_SECCOMP_SET_DEFAULT },
	42	{ SCMP_SYS(kexec_load), QEMU_SECCOMP_SET_DEFAULT },
	43	{ SCMP_SYS(afs_syscall), QEMU_SECCOMP_SET_DEFAULT },
	44	{ SCMP_SYS(break), QEMU_SECCOMP_SET_DEFAULT },
	45	{ SCMP_SYS(ftime), QEMU_SECCOMP_SET_DEFAULT },
	46	{ SCMP_SYS(getpmsg), QEMU_SECCOMP_SET_DEFAULT },
	47	{ SCMP_SYS(gtty), QEMU_SECCOMP_SET_DEFAULT },
	48	{ SCMP_SYS(lock), QEMU_SECCOMP_SET_DEFAULT },
	49	{ SCMP_SYS(mpx), QEMU_SECCOMP_SET_DEFAULT },
	50	{ SCMP_SYS(prof), QEMU_SECCOMP_SET_DEFAULT },
	51	{ SCMP_SYS(profil), QEMU_SECCOMP_SET_DEFAULT },
	52	{ SCMP_SYS(putpmsg), QEMU_SECCOMP_SET_DEFAULT },
	53	{ SCMP_SYS(security), QEMU_SECCOMP_SET_DEFAULT },
	54	{ SCMP_SYS(stty), QEMU_SECCOMP_SET_DEFAULT },
	55	{ SCMP_SYS(tuxcall), QEMU_SECCOMP_SET_DEFAULT },
	56	{ SCMP_SYS(ulimit), QEMU_SECCOMP_SET_DEFAULT },
	57	{ SCMP_SYS(vserver), QEMU_SECCOMP_SET_DEFAULT },
2f668be7 EO	58	};
	59
	60	int seccomp_start(void)
	61	{
	62	int rc = 0;
	63	unsigned int i = 0;
	64	scmp_filter_ctx ctx;
	65
1bd6152a	66	ctx = seccomp_init(SCMP_ACT_ALLOW);
2f668be7	67	if (ctx == NULL) {
2a13f991	68	rc = -1;
2f668be7 EO	69	goto seccomp_return;
	70	}
	71
1bd6152a EO	72	for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
1bd6152a EO	73	rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
2f668be7 EO	74	if (rc < 0) {
	75	goto seccomp_return;
	76	}
	77	}
	78
	79	rc = seccomp_load(ctx);
	80
	81	seccomp_return:
	82	seccomp_release(ctx);
	83	return rc;
	84	}