summaryrefslogtreecommitdiff
path: root/sandbox-seccomp-filter.c
AgeCommit message (Collapse)Author
2017-04-25Fix typo in "socketcall".Darren Tucker
Pointed out by jjelen at redhat.com.
2017-04-24Deny socketcall in seccomp filter on ppc64le.Darren Tucker
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys in privsep child. The socket() syscall is already denied in the seccomp filter, but in ppc64le kernel, it is implemented using socketcall() syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and therefore fails hard. Patch from jjelen at redhat.com.
2017-03-22Missing header on Linux/s390Damien Miller
Patch from Jakub Jelen
2017-03-21Fix syntax error on Linux/X32Damien Miller
Patch from Mike Frysinger
2017-03-14Make seccomp-bpf sandbox work on Linux/X32Damien Miller
Allow clock_gettime syscall with X32 bit masked off. Apparently this is required for at least some kernel versions. bz#2142 Patch mostly by Colin Watson. ok dtucker@
2017-03-14Remove macro trickery; no binary changeDamien Miller
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros prepending __NR_ to the syscall number parameter and just makes them explicit in the macro invocations. No binary change in stripped object file before/after.
2017-03-14support ioctls for ICA crypto card on Linux/s390Damien Miller
Based on patch from Eduardo Barretto; ok dtucker@
2017-03-14Fix weakness in seccomp-bpf sandbox arg inspectionDamien Miller
Syscall arguments are passed via an array of 64-bit values in struct seccomp_data, but we were only inspecting the bottom 32 bits and not even those correctly for BE systems. Fortunately, the only case argument inspection was used was in the socketcall filtering so using this for sandbox escape seems impossible. ok dtucker
2016-05-20Deny lstat syscalls in seccomp sandboxDamien Miller
Avoids sandbox violations for some krb/gssapi libraries.
2015-09-10allow getrandom syscall; from Felix von LeitnerDamien Miller
2015-06-30upstream commitdjm@openbsd.org
add getpid to sandbox, reachable by grace_alarm_handler reported by Jakub Jelen; bz#2419 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
2015-06-25add missing pselect6Damien Miller
patch from Jakub Jelen
2015-06-17trivial optimisation for seccomp-bpfDamien Miller
When doing arg inspection and the syscall doesn't match, skip past the instruction that reloads the syscall into the accumulator, since the accumulator hasn't been modified at this point.
2015-06-17aarch64 support for seccomp-bpf sandboxDamien Miller
Also resort and tidy syscall list. Based on patches by Jakub Jelen bz#2361; ok dtucker@
2014-09-10 - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;Damien Miller
patch from Felix von Leitner; ok dtucker
2014-03-17 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX toDamien Miller
remind myself to add sandbox violation logging via the log socket.
2014-02-06 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures defineDamien Miller
__NR_shutdown; some go via the socketcall(2) multiplexer.
2014-01-31 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)Damien Miller
syscall from sandboxes; it may be called by packet_close.
2014-01-17 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]Damien Miller
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2013-06-02 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.Darren Tucker
2013-02-22 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for LinuxDamien Miller
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; ok dtucker
2012-07-06 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter isDamien Miller
not available. Allows use of sshd compiled on host with a filter-capable kernel on hosts that lack the support. bz#2011 ok dtucker@
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@