Re: [LEDE-DEV] [PATCH procd] service: Start services normally when seccomp is disabled

Sun, 05 Nov 2017 09:53:05 -0800 

On Fri, Nov 3, 2017 at 10:31 PM, Michal Sojka <sojk...@fel.cvut.cz> wrote:
> When service init file declares seccomp support (procd_set_param seccomp),
> but procd is compiled without seccomp support, the service should be
> started normally, because seccomp-trace and utrace are not available.
>
> Older procd versions decided about whether to start a service in
> seccomp sandbox or not based on existence of seccomp whitelist in the
> filesystem. This was recently removed (c8faedc "Do not disable seccomp
> when configuration is not found", 2017-09-12) because it could be easy
> for attackers to disable seccomp support. This changes is a follow-up
> to the mentioned commit. With it, procd decides about whether to use
> seccomp sandbox based only on compile-time configuration.
>
> Signed-off-by: Michal Sojka <sojk...@fel.cvut.cz>
Tested-by: Hans Dedecker <dedec...@gmail.com>
> ---
>  CMakeLists.txt     | 1 +
>  service/instance.c | 9 ++++++---
>  2 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/CMakeLists.txt b/CMakeLists.txt
> index 7d05e97..4b3eebd 100644
> --- a/CMakeLists.txt
> +++ b/CMakeLists.txt
> @@ -88,6 +88,7 @@ ADD_CUSTOM_COMMAND(
>  ADD_CUSTOM_TARGET(capabilities-names-h DEPENDS capabilities-names.h)
>
>  IF(SECCOMP_SUPPORT)
> +ADD_DEFINITIONS(-DSECCOMP_SUPPORT)
>  ADD_LIBRARY(preload-seccomp SHARED jail/preload.c jail/seccomp.c)
>  TARGET_LINK_LIBRARIES(preload-seccomp dl ubox blobmsg_json)
>  INSTALL(TARGETS preload-seccomp
> diff --git a/service/instance.c b/service/instance.c
> index 7703686..29d6ea6 100644
> --- a/service/instance.c
> +++ b/service/instance.c
> @@ -141,8 +141,6 @@ static const struct rlimit_name rlimit_names[] = {
>         { NULL, 0 }
>  };
>
> -static char trace[] = "/sbin/utrace";
> -
>  static void closefd(int fd)
>  {
>         if (fd > STDERR_FILENO)
> @@ -315,10 +313,15 @@ instance_run(struct service_instance *in, int _stdout, 
> int _stderr)
>         argv = alloca(sizeof(char *) * (argc + in->jail.argc));
>         argc = 0;
>
> +#ifdef SECCOMP_SUPPORT
>         if (in->trace)
> -               argv[argc++] = trace;
> +               argv[argc++] = "/sbin/utrace";
>         else if (seccomp)
>                 argv[argc++] = "/sbin/seccomp-trace";
> +#else
> +       if (in->trace || seccomp)
> +               ULOG_WARN("Seccomp support for %s::%s not available\n", 
> in->srv->name, in->name);
> +#endif
>
>         if (in->has_jail)
>                 argc = jail_run(in, argv);
> --
> 2.15.0.rc2
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Reply via email to