diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2019-03-13 09:32:51 +0000 |
|---|---|---|
| committer | Dr. David Alan Gilbert <dgilbert@redhat.com> | 2020-01-23 16:41:37 +0000 |
| commit | 4f8bde99c175ffd86b5125098a4707d43f5e80c6 (patch) | |
| tree | dff3e147bad537c6308fccd1e3f5d89a2e1327c8 /tools/virtiofsd/passthrough_ll.c | |
| parent | 8e1d4ef231d8327be219f7aea7aa15d181375bbc (diff) | |
virtiofsd: add seccomp whitelist
Only allow system calls that are needed by virtiofsd. All other system
calls cause SIGSYS to be directed at the thread and the process will
coredump.
Restricting system calls reduces the kernel attack surface and limits
what the process can do when compromised.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
with additional entries by:
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: piaojun <piaojun@huawei.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'tools/virtiofsd/passthrough_ll.c')
| -rw-r--r-- | tools/virtiofsd/passthrough_ll.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 0947d14e5b..bd8925bd83 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -59,6 +59,7 @@ #include <unistd.h> #include "passthrough_helpers.h" +#include "seccomp.h" struct lo_map_elem { union { @@ -2091,6 +2092,7 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se) { setup_namespaces(lo, se); setup_mounts(lo->source); + setup_seccomp(); } int main(int argc, char *argv[]) |