debian/patches/extra/0002-seccomp-prefer-SCMP_ACT_KILL_PROCESS-if-available.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
   3 Date: Wed, 22 Aug 2018 19:02:48 +0200
   4 Subject: [PATCH] seccomp: prefer SCMP_ACT_KILL_PROCESS if available
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
  10 action (https://github.com/seccomp/libseccomp/issues/96).
  11
  12 SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
  13 offending process, rather than having the SIGSYS handler running.
  14
  15 Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
  16 as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still
  17 prefer SCMP_ACT_TRAP.
  18
  19 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  20 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
  21 Acked-by: Eduardo Otubo <otubo@redhat.com>
  22 ---
  23  qemu-seccomp.c | 31 ++++++++++++++++++++++++++++++-
  24  1 file changed, 30 insertions(+), 1 deletion(-)
  25
  26 diff --git a/qemu-seccomp.c b/qemu-seccomp.c
  27 index b117a92559..f0c833f3ca 100644
  28 --- a/qemu-seccomp.c
  29 +++ b/qemu-seccomp.c
  30 @@ -20,6 +20,7 @@
  31  #include <sys/prctl.h>
  32  #include <seccomp.h>
  33  #include "sysemu/seccomp.h"
  34 +#include <linux/seccomp.h>
  35
  36  /* For some architectures (notably ARM) cacheflush is not supported until
  37   * libseccomp 2.2.3, but configure enforces that we are using a more recent
  38 @@ -107,12 +108,40 @@ static const struct QemuSeccompSyscall blacklist[] = {
  39      { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
  40  };
  41
  42 +static inline __attribute__((unused)) int
  43 +qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
  44 +{
  45 +#ifdef __NR_seccomp
  46 +    return syscall(__NR_seccomp, operation, flags, args);
  47 +#else
  48 +    errno = ENOSYS;
  49 +    return -1;
  50 +#endif
  51 +}
  52 +
  53 +static uint32_t qemu_seccomp_get_kill_action(void)
  54 +{
  55 +#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
  56 +    defined(SECCOMP_RET_KILL_PROCESS)
  57 +    {
  58 +        uint32_t action = SECCOMP_RET_KILL_PROCESS;
  59 +
  60 +        if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
  61 +            return SCMP_ACT_KILL_PROCESS;
  62 +        }
  63 +    }
  64 +#endif
  65 +
  66 +    return SCMP_ACT_TRAP;
  67 +}
  68 +
  69
  70  static int seccomp_start(uint32_t seccomp_opts)
  71  {
  72      int rc = 0;
  73      unsigned int i = 0;
  74      scmp_filter_ctx ctx;
  75 +    uint32_t action = qemu_seccomp_get_kill_action();
  76
  77      ctx = seccomp_init(SCMP_ACT_ALLOW);
  78      if (ctx == NULL) {
  79 @@ -125,7 +154,7 @@ static int seccomp_start(uint32_t seccomp_opts)
  80              continue;
  81          }
  82
  83 -        rc = seccomp_rule_add_array(ctx, SCMP_ACT_TRAP, blacklist[i].num,
  84 +        rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
  85                                      blacklist[i].narg, blacklist[i].arg_cmp);
  86          if (rc < 0) {
  87              goto seccomp_return;
  88 --
  89 2.11.0
  90