diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2019-03-28 12:04:52 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2019-03-28 12:04:52 +0000 |
| commit | 12f067cc14b90aef60b2b7d03e1df74cc50a0459 (patch) | |
| tree | 46685474db75d0f392a62cbc53b1f1be71d112e3 | |
| parent | 84bdc58c06c889d94dba6cd9f023a39757f7dc41 (diff) | |
| parent | 035121d23abcafcc2f346627d48132073d2e71d7 (diff) | |
Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20190327' into staging
pull-seccomp-20190327
# gpg: Signature made Wed 27 Mar 2019 12:12:39 GMT
# gpg: using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>" [full]
# Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2
* remotes/otubo/tags/pull-seccomp-20190327:
seccomp: report more useful errors from seccomp
seccomp: don't kill process for resource control syscalls
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | qemu-seccomp.c | 52 |
1 files changed, 38 insertions, 14 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 36d5829831..e0a1829b3d 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -121,58 +121,84 @@ qemu_seccomp(unsigned int operation, unsigned int flags, void *args) #endif } -static uint32_t qemu_seccomp_get_kill_action(void) +static uint32_t qemu_seccomp_get_action(int set) { + switch (set) { + case QEMU_SECCOMP_SET_DEFAULT: + case QEMU_SECCOMP_SET_OBSOLETE: + case QEMU_SECCOMP_SET_PRIVILEGED: + case QEMU_SECCOMP_SET_SPAWN: { #if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \ defined(SECCOMP_RET_KILL_PROCESS) - { - uint32_t action = SECCOMP_RET_KILL_PROCESS; + static int kill_process = -1; + if (kill_process == -1) { + uint32_t action = SECCOMP_RET_KILL_PROCESS; - if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) { + if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) { + kill_process = 1; + } + kill_process = 0; + } + if (kill_process == 1) { return SCMP_ACT_KILL_PROCESS; } - } #endif + return SCMP_ACT_TRAP; + } - return SCMP_ACT_TRAP; + case QEMU_SECCOMP_SET_RESOURCECTL: + return SCMP_ACT_ERRNO(EPERM); + + default: + g_assert_not_reached(); + } } -static int seccomp_start(uint32_t seccomp_opts) +static int seccomp_start(uint32_t seccomp_opts, Error **errp) { - int rc = 0; + int rc = -1; unsigned int i = 0; scmp_filter_ctx ctx; - uint32_t action = qemu_seccomp_get_kill_action(); ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) { - rc = -1; + error_setg(errp, "failed to initialize seccomp context"); goto seccomp_return; } rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1); if (rc != 0) { + error_setg_errno(errp, -rc, + "failed to set seccomp thread synchronization"); goto seccomp_return; } for (i = 0; i < ARRAY_SIZE(blacklist); i++) { + uint32_t action; if (!(seccomp_opts & blacklist[i].set)) { continue; } + action = qemu_seccomp_get_action(blacklist[i].set); rc = seccomp_rule_add_array(ctx, action, blacklist[i].num, blacklist[i].narg, blacklist[i].arg_cmp); if (rc < 0) { + error_setg_errno(errp, -rc, + "failed to add seccomp blacklist rules"); goto seccomp_return; } } rc = seccomp_load(ctx); + if (rc < 0) { + error_setg_errno(errp, -rc, + "failed to load seccomp syscall filter in kernel"); + } seccomp_return: seccomp_release(ctx); - return rc; + return rc < 0 ? -1 : 0; } #ifdef CONFIG_SECCOMP @@ -242,9 +268,7 @@ int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) } } - if (seccomp_start(seccomp_opts) < 0) { - error_setg(errp, "failed to install seccomp syscall filter " - "in the kernel"); + if (seccomp_start(seccomp_opts, errp) < 0) { return -1; } } |