authorLennart Poettering <lennart@poettering.net>2016-10-21 20:28:05 +0200
committerLennart Poettering <lennart@poettering.net>2016-10-24 17:32:50 +0200
commit8d7b0c8fd780e88ab5a6d1d79e09e27247245bee (patch)
treedb1954e24c9f4c283859f0b3ffbea40a679a84e3 /src/shared/seccomp-util.c
parentcore: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter... (diff)
seccomp: add new seccomp_init_conservative() helper
This adds a new seccomp_init_conservative() helper call that is mostly just a wrapper around seccomp_init(), but turns off NNP and adds in all secondary archs, for best compatibility with everything else. Pretty much all of our code used the very same constructs for these three steps, hence unifying this in one small function makes things a lot shorter. This also changes incorrect usage of the "scmp_filter_ctx" type at various places. libseccomp defines it as a typedef to "void*", i.e. it is a pointer type (pretty poor choice already!) that casts implicitly to and from all other pointer types (even poorer choice: you defined a confusing type now, and don't even gain any bit of type safety through it...). A lot of the code assumed the type would refer to a structure, and hence added additional "*" here and there. Remove that.
Diffstat (limited to 'src/shared/seccomp-util.c')
-rw-r--r--src/shared/seccomp-util.c30
1 files changed, 28 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 1d51f3fd1f..0b9fa47c44 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -74,7 +74,34 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
return 0;
}
-int seccomp_add_secondary_archs(scmp_filter_ctx *c) {
+int seccomp_init_conservative(scmp_filter_ctx *ret, uint32_t default_action) {
+ scmp_filter_ctx seccomp;
+ int r;
+
+ /* Much like seccomp_init(), but tries to be a bit more conservative in its defaults: all secondary archs are
+ * added by default, and NNP is turned off. */
+
+ seccomp = seccomp_init(default_action);
+ if (!seccomp)
+ return -ENOMEM;
+
+ r = seccomp_add_secondary_archs(seccomp);
+ if (r < 0)
+ goto finish;
+
+ r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+ if (r < 0)
+ goto finish;
+
+ *ret = seccomp;
+ return 0;
+
+finish:
+ seccomp_release(seccomp);
+ return r;
+}
+
+int seccomp_add_secondary_archs(scmp_filter_ctx c) {
#if defined(__i386__) || defined(__x86_64__)
int r;
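Review bot: The comment in seccomp_init_conservative() says NNP is turned off but not what that obliges callers to do. With `SCMP_FLTATR_CTL_NNP` set to 0, libseccomp no longer sets no_new_privs at load time, so the kernel accepts the filter only from a process that holds CAP_SYS_ADMIN or has already set no_new_privs itself, and a filter loaded that way stays in force across execve() of setuid programs. I would add a line to the comment such as `* Callers need CAP_SYS_ADMIN or must set PR_SET_NO_NEW_PRIVS themselves before seccomp_load(); the filter is then also inherited by setuid binaries they execute.` Separately, as far as I know seccomp_init() also returns NULL for an invalid default_action, so the unconditional `return -ENOMEM;` may misreport that case. The body of seccomp_add_secondary_archs() at the end of this hunk continues outside it.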
@@ -111,7 +138,6 @@ int seccomp_add_secondary_archs(scmp_filter_ctx *c) {
#endif
return 0;
-
}
static bool is_basic_seccomp_available(void) {