diff options
author | Daniel P. Berrangé <berrange@redhat.com> | 2021-04-29 11:25:13 +0100 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2022-02-16 18:52:40 +0000 |
commit | 463805711056b431a74917a75cda75ec67fec3d2 (patch) | |
tree | 5ca2564e546f23ecc6964479e6fc8ab20b153b60 /softmmu | |
parent | c542b302707628609f2a33bcbd3e442282806b8e (diff) |
seccomp: block setns, unshare and execveat syscalls
setns/unshare are used to change namespaces which is not something QEMU
needs to be able todo.
execveat is a new variant of execve so should be blocked just like
execve already is.
Acked-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'softmmu')
-rw-r--r-- | softmmu/qemu-seccomp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c index a7bb5c350f..deaf8a4ef5 100644 --- a/softmmu/qemu-seccomp.c +++ b/softmmu/qemu-seccomp.c @@ -248,6 +248,11 @@ static const struct QemuSeccompSyscall denylist[] = { { SCMP_SYS(clone3), QEMU_SECCOMP_SET_SPAWN, 0, NULL, SCMP_ACT_ERRNO(ENOSYS) }, #endif +#ifdef __SNR_execveat + { SCMP_SYS(execveat), QEMU_SECCOMP_SET_SPAWN }, +#endif + { SCMP_SYS(setns), QEMU_SECCOMP_SET_SPAWN }, + { SCMP_SYS(unshare), QEMU_SECCOMP_SET_SPAWN }, /* resource control */ { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL, 0, NULL, SCMP_ACT_ERRNO(EPERM) }, |