diff options
| -rw-r--r-- | sandbox-seccomp-filter.c | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 6ceee33fe..14006b99a 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -85,13 +85,13 @@ | |||
| 85 | 85 | ||
| 86 | /* Simple helpers to avoid manual errors (but larger BPF programs). */ | 86 | /* Simple helpers to avoid manual errors (but larger BPF programs). */ |
| 87 | #define SC_DENY(_nr, _errno) \ | 87 | #define SC_DENY(_nr, _errno) \ |
| 88 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ | 88 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ |
| 89 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) | 89 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) |
| 90 | #define SC_ALLOW(_nr) \ | 90 | #define SC_ALLOW(_nr) \ |
| 91 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ | 91 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ |
| 92 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 92 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
| 93 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ | 93 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ |
| 94 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 6), \ | 94 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \ |
| 95 | /* load and test first syscall argument, low word */ \ | 95 | /* load and test first syscall argument, low word */ \ |
| 96 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ | 96 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ |
| 97 | offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \ | 97 | offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \ |
| @@ -120,114 +120,114 @@ static const struct sock_filter preauth_insns[] = { | |||
| 120 | 120 | ||
| 121 | /* Syscalls to non-fatally deny */ | 121 | /* Syscalls to non-fatally deny */ |
| 122 | #ifdef __NR_lstat | 122 | #ifdef __NR_lstat |
| 123 | SC_DENY(lstat, EACCES), | 123 | SC_DENY(__NR_lstat, EACCES), |
| 124 | #endif | 124 | #endif |
| 125 | #ifdef __NR_lstat64 | 125 | #ifdef __NR_lstat64 |
| 126 | SC_DENY(lstat64, EACCES), | 126 | SC_DENY(__NR_lstat64, EACCES), |
| 127 | #endif | 127 | #endif |
| 128 | #ifdef __NR_fstat | 128 | #ifdef __NR_fstat |
| 129 | SC_DENY(fstat, EACCES), | 129 | SC_DENY(__NR_fstat, EACCES), |
| 130 | #endif | 130 | #endif |
| 131 | #ifdef __NR_fstat64 | 131 | #ifdef __NR_fstat64 |
| 132 | SC_DENY(fstat64, EACCES), | 132 | SC_DENY(__NR_fstat64, EACCES), |
| 133 | #endif | 133 | #endif |
| 134 | #ifdef __NR_open | 134 | #ifdef __NR_open |
| 135 | SC_DENY(open, EACCES), | 135 | SC_DENY(__NR_open, EACCES), |
| 136 | #endif | 136 | #endif |
| 137 | #ifdef __NR_openat | 137 | #ifdef __NR_openat |
| 138 | SC_DENY(openat, EACCES), | 138 | SC_DENY(__NR_openat, EACCES), |
| 139 | #endif | 139 | #endif |
| 140 | #ifdef __NR_newfstatat | 140 | #ifdef __NR_newfstatat |
| 141 | SC_DENY(newfstatat, EACCES), | 141 | SC_DENY(__NR_newfstatat, EACCES), |
| 142 | #endif | 142 | #endif |
| 143 | #ifdef __NR_stat | 143 | #ifdef __NR_stat |
| 144 | SC_DENY(stat, EACCES), | 144 | SC_DENY(__NR_stat, EACCES), |
| 145 | #endif | 145 | #endif |
| 146 | #ifdef __NR_stat64 | 146 | #ifdef __NR_stat64 |
| 147 | SC_DENY(stat64, EACCES), | 147 | SC_DENY(__NR_stat64, EACCES), |
| 148 | #endif | 148 | #endif |
| 149 | 149 | ||
| 150 | /* Syscalls to permit */ | 150 | /* Syscalls to permit */ |
| 151 | #ifdef __NR_brk | 151 | #ifdef __NR_brk |
| 152 | SC_ALLOW(brk), | 152 | SC_ALLOW(__NR_brk), |
| 153 | #endif | 153 | #endif |
| 154 | #ifdef __NR_clock_gettime | 154 | #ifdef __NR_clock_gettime |
| 155 | SC_ALLOW(clock_gettime), | 155 | SC_ALLOW(__NR_clock_gettime), |
| 156 | #endif | 156 | #endif |
| 157 | #ifdef __NR_close | 157 | #ifdef __NR_close |
| 158 | SC_ALLOW(close), | 158 | SC_ALLOW(__NR_close), |
| 159 | #endif | 159 | #endif |
| 160 | #ifdef __NR_exit | 160 | #ifdef __NR_exit |
| 161 | SC_ALLOW(exit), | 161 | SC_ALLOW(__NR_exit), |
| 162 | #endif | 162 | #endif |
| 163 | #ifdef __NR_exit_group | 163 | #ifdef __NR_exit_group |
| 164 | SC_ALLOW(exit_group), | 164 | SC_ALLOW(__NR_exit_group), |
| 165 | #endif | 165 | #endif |
| 166 | #ifdef __NR_getpgid | 166 | #ifdef __NR_getpgid |
| 167 | SC_ALLOW(getpgid), | 167 | SC_ALLOW(__NR_getpgid), |
| 168 | #endif | 168 | #endif |
| 169 | #ifdef __NR_getpid | 169 | #ifdef __NR_getpid |
| 170 | SC_ALLOW(getpid), | 170 | SC_ALLOW(__NR_getpid), |
| 171 | #endif | 171 | #endif |
| 172 | #ifdef __NR_getrandom | 172 | #ifdef __NR_getrandom |
| 173 | SC_ALLOW(getrandom), | 173 | SC_ALLOW(__NR_getrandom), |
| 174 | #endif | 174 | #endif |
| 175 | #ifdef __NR_gettimeofday | 175 | #ifdef __NR_gettimeofday |
| 176 | SC_ALLOW(gettimeofday), | 176 | SC_ALLOW(__NR_gettimeofday), |
| 177 | #endif | 177 | #endif |
| 178 | #ifdef __NR_madvise | 178 | #ifdef __NR_madvise |
| 179 | SC_ALLOW(madvise), | 179 | SC_ALLOW(__NR_madvise), |
| 180 | #endif | 180 | #endif |
| 181 | #ifdef __NR_mmap | 181 | #ifdef __NR_mmap |
| 182 | SC_ALLOW(mmap), | 182 | SC_ALLOW(__NR_mmap), |
| 183 | #endif | 183 | #endif |
| 184 | #ifdef __NR_mmap2 | 184 | #ifdef __NR_mmap2 |
| 185 | SC_ALLOW(mmap2), | 185 | SC_ALLOW(__NR_mmap2), |
| 186 | #endif | 186 | #endif |
| 187 | #ifdef __NR_mremap | 187 | #ifdef __NR_mremap |
| 188 | SC_ALLOW(mremap), | 188 | SC_ALLOW(__NR_mremap), |
| 189 | #endif | 189 | #endif |
| 190 | #ifdef __NR_munmap | 190 | #ifdef __NR_munmap |
| 191 | SC_ALLOW(munmap), | 191 | SC_ALLOW(__NR_munmap), |
| 192 | #endif | 192 | #endif |
| 193 | #ifdef __NR__newselect | 193 | #ifdef __NR__newselect |
| 194 | SC_ALLOW(_newselect), | 194 | SC_ALLOW(__NR__newselect), |
| 195 | #endif | 195 | #endif |
| 196 | #ifdef __NR_poll | 196 | #ifdef __NR_poll |
| 197 | SC_ALLOW(poll), | 197 | SC_ALLOW(__NR_poll), |
| 198 | #endif | 198 | #endif |
| 199 | #ifdef __NR_pselect6 | 199 | #ifdef __NR_pselect6 |
| 200 | SC_ALLOW(pselect6), | 200 | SC_ALLOW(__NR_pselect6), |
| 201 | #endif | 201 | #endif |
| 202 | #ifdef __NR_read | 202 | #ifdef __NR_read |
| 203 | SC_ALLOW(read), | 203 | SC_ALLOW(__NR_read), |
| 204 | #endif | 204 | #endif |
| 205 | #ifdef __NR_rt_sigprocmask | 205 | #ifdef __NR_rt_sigprocmask |
| 206 | SC_ALLOW(rt_sigprocmask), | 206 | SC_ALLOW(__NR_rt_sigprocmask), |
| 207 | #endif | 207 | #endif |
| 208 | #ifdef __NR_select | 208 | #ifdef __NR_select |
| 209 | SC_ALLOW(select), | 209 | SC_ALLOW(__NR_select), |
| 210 | #endif | 210 | #endif |
| 211 | #ifdef __NR_shutdown | 211 | #ifdef __NR_shutdown |
| 212 | SC_ALLOW(shutdown), | 212 | SC_ALLOW(__NR_shutdown), |
| 213 | #endif | 213 | #endif |
| 214 | #ifdef __NR_sigprocmask | 214 | #ifdef __NR_sigprocmask |
| 215 | SC_ALLOW(sigprocmask), | 215 | SC_ALLOW(__NR_sigprocmask), |
| 216 | #endif | 216 | #endif |
| 217 | #ifdef __NR_time | 217 | #ifdef __NR_time |
| 218 | SC_ALLOW(time), | 218 | SC_ALLOW(__NR_time), |
| 219 | #endif | 219 | #endif |
| 220 | #ifdef __NR_write | 220 | #ifdef __NR_write |
| 221 | SC_ALLOW(write), | 221 | SC_ALLOW(__NR_write), |
| 222 | #endif | 222 | #endif |
| 223 | #ifdef __NR_socketcall | 223 | #ifdef __NR_socketcall |
| 224 | SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), | 224 | SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), |
| 225 | #endif | 225 | #endif |
| 226 | #if defined(__NR_ioctl) && defined(__s390__) | 226 | #if defined(__NR_ioctl) && defined(__s390__) |
| 227 | /* Allow ioctls for ICA crypto card on s390 */ | 227 | /* Allow ioctls for ICA crypto card on s390 */ |
| 228 | SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), | 228 | SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), |
| 229 | SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), | 229 | SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), |
| 230 | SC_ALLOW_ARG(ioctl, 1, ICARSACRT), | 230 | SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), |
| 231 | #endif /* defined(__NR_ioctl) && defined(__s390__) */ | 231 | #endif /* defined(__NR_ioctl) && defined(__s390__) */ |
| 232 | 232 | ||
| 233 | /* Default deny */ | 233 | /* Default deny */ |