From patchwork Mon Nov 12 19:48:15 2012
X-Patchwork-Submitter: Eduardo Otubo
X-Patchwork-Id: 198445
From: Eduardo Otubo
To: qemu-devel@nongnu.org
Cc: pmoore@redhat.com, coreyb@linux.vnet.ibm.com, Eduardo Otubo
Date: Mon, 12 Nov 2012 17:48:15 -0200
Message-Id: <1352749698-1219-2-git-send-email-otubo@linux.vnet.ibm.com>
In-Reply-To: <1352749698-1219-1-git-send-email-otubo@linux.vnet.ibm.com>
References: <1352749698-1219-1-git-send-email-otubo@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as default

Now the seccomp filter will be set to "on" even if no argument
"-sandbox" is given.

v3:
 * Introduced seccomp_states enum and new functions named
   seccomp_set_state() and seccomp_get_state()
   (pbonzini@redhat.com).
 * Merged seccomp_start() and install_seccomp_filter(), moved
   install_seccomp_filter() to qemu-seccomp.c, and renamed it.
 * Moved CONFIG_SECCOMP pre-processor checks from Makefile.objs to
   qemu-seccomp.c.
 * Replace qerror_report with fprintf(stderr, "..") in main()
   (lcapitulino@redhat.com).

Note: This support requires libseccomp. If you don't have access to
libseccomp packages, you can manually build with the following
steps:

 1) git clone git://git.code.sf.net/p/libseccomp/libseccomp
 2) cd libseccomp
 3) ./configure
 4) make
 5) make install
 6) export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"

Signed-off-by: Eduardo Otubo
Signed-off-by: Corey Bryant --- Makefile.objs | 2 -- configure | 2 +- qemu-seccomp.c | 26 ++++++++++++++++++++++++-- qemu-seccomp.h | 13 +++++++++++-- vl.c | 31 ++++++++++++++++--------------- 5 files changed, 52 insertions(+), 22 deletions(-) diff --git a/Makefile.objs b/Makefile.objs index 593a592..682b1e6 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -103,9 +103,7 @@ common-obj-$(CONFIG_SLIRP) += slirp/ ###################################################################### # libseccomp -ifeq ($(CONFIG_SECCOMP),y) common-obj-y += qemu-seccomp.o -endif ###################################################################### # libuser diff --git a/configure b/configure index 7290f50..d28f8d5 100755 --- a/configure +++ b/configure @@ -221,7 +221,7 @@ guest_agent="yes" want_tools="yes" libiscsi="" coroutine="" -seccomp="" +seccomp="yes" glusterfs="" # parse CC options first diff --git a/qemu-seccomp.c b/qemu-seccomp.c index b06a2c6..2386996 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -12,10 +12,28 @@ * Contributions after 2012-01-13 are licensed under the terms of the * GNU GPL, version 2 or (at your option) any later version. */ +#include "config-host.h" #include -#include +#include "osdep.h" #include "qemu-seccomp.h" +#ifdef CONFIG_SECCOMP +int seccomp_state = SECCOMP_ON; +#else +int seccomp_state = SECCOMP_OFF; +#endif + +void seccomp_set_state(int state) +{ + seccomp_state = state; +} + +int seccomp_get_state(void) +{ + return seccomp_state; +} + +#ifdef CONFIG_SECCOMP struct QemuSeccompSyscall { int32_t num; uint8_t priority; @@ -223,15 +241,18 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(prlimit64), 241 }, { SCMP_SYS(waitid), 241 } }; +#endif -int seccomp_start(void) +int seccomp_install_filter(void) { int rc = 0; +#ifdef CONFIG_SECCOMP unsigned int i = 0; scmp_filter_ctx ctx; ctx = seccomp_init(SCMP_ACT_KILL); if (ctx == NULL) { + rc = -1; goto seccomp_return; } 
@@ -251,5 +272,6 @@ int seccomp_start(void) seccomp_return: seccomp_release(ctx); +#endif return rc; } diff --git a/qemu-seccomp.h b/qemu-seccomp.h index b2fc3f8..fa26d70 100644 --- a/qemu-seccomp.h +++ b/qemu-seccomp.h @@ -15,8 +15,17 @@ #ifndef QEMU_SECCOMP_H #define QEMU_SECCOMP_H +#ifdef CONFIG_SECCOMP #include -#include "osdep.h" +#endif + +enum seccomp_states { + SECCOMP_OFF, + SECCOMP_ON +}; + +void seccomp_set_state(int); +int seccomp_get_state(void); +int seccomp_install_filter(void); -int seccomp_start(void); #endif diff --git a/vl.c b/vl.c index 4f03a72..cb3d85e 100644 --- a/vl.c +++ b/vl.c @@ -64,9 +64,7 @@ #include #endif -#ifdef CONFIG_SECCOMP #include "qemu-seccomp.h" -#endif #ifdef __sun__ #include @@ -772,22 +770,17 @@ static int bt_parse(const char *opt) static int parse_sandbox(QemuOpts *opts, void *opaque) { - /* FIXME: change this to true for 1.3 */ - if (qemu_opt_get_bool(opts, "enable", false)) { #ifdef CONFIG_SECCOMP - if (seccomp_start() < 0) { - qerror_report(ERROR_CLASS_GENERIC_ERROR, - "failed to install seccomp syscall filter in the kernel"); - return -1; - } -#else - qerror_report(ERROR_CLASS_GENERIC_ERROR, - "sandboxing request but seccomp is not compiled into this build"); - return -1; -#endif + /* seccomp sandboxing is on by default */ + if (!qemu_opt_get_bool(opts, "enable", true)) { + seccomp_set_state(SECCOMP_OFF); } - return 0; +#else + fprintf(stderr, "sandbox option specified but seccomp is not compiled " + "into this build\n"); + return -1; +#endif } /*********QEMU USB setting******/ @@ -3489,6 +3482,14 @@ int main(int argc, char **argv, char **envp) exit(1); } + if (seccomp_get_state() == SECCOMP_ON) { + if (seccomp_install_filter() < 0) { + fprintf(stderr, "failed to install seccomp syscall " + "initialization filter\n"); + exit(1); + } + } + #ifndef _WIN32 if (qemu_opts_foreach(qemu_find_opts("add-fd"), parse_add_fd, NULL, 1)) { exit(1);
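Review bot: In the configure hunk, seccomp="yes" is the only forced default in the visible block; libiscsi, coroutine and glusterfs next to it all stay "". Combined with the commit message's note that libseccomp is required and may have to be built by hand, this suggests hosts without libseccomp would now fail at configure time. If the intent is only "sandbox on when available", keep seccomp="" so the probe decides and let the runtime default in qemu-seccomp.c (SECCOMP_ON under CONFIG_SECCOMP) carry the policy; otherwise state the new hard build dependency explicitly in the commit message.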
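Review bot: In the first qemu-seccomp.c hunk, seccomp_state is a non-static global int, so any file can write it directly and bypass seccomp_set_state(), and nothing ties it to enum seccomp_states from qemu-seccomp.h. Make it "static enum seccomp_states seccomp_state" and use the enum type in the three prototypes (seccomp_set_state(int) in the header also omits the parameter name). Because main() compares against SECCOMP_ON only, seccomp_set_state() called with any other value silently disables the filter; rejecting values other than the two enumerators would make that failure visible.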
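Review bot: In seccomp_install_filter(), the NULL-context branch still does "goto seccomp_return", and that label calls seccomp_release(ctx) with ctx == NULL. The added "rc = -1" correctly stops a failed seccomp_init() from being reported as success, but the branch should return -1 directly so the cleanup label is only reached with a valid context. Separately, in a build without CONFIG_SECCOMP the function returns 0, which a caller cannot distinguish from a filter that was really installed; a comment on the prototype or a distinct return value would make that explicit.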
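Review bot: In parse_sandbox(), the #else branch now returns -1 for any -sandbox option, including "-sandbox off", because it no longer reads "enable"; the removed code only reported an error when the option was enabled. A command line that explicitly disables the sandbox should keep working on a build without seccomp, so read "enable" in both branches and fail only when it is true.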
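Review bot: In the main() hunk, the install is gated on seccomp_get_state() alone, so it is correct only if every "sandbox" option has already been passed through parse_sandbox() before this point; the hunk does not show that call, so please confirm the ordering or add a comment, otherwise "-sandbox off" has no effect. With the filter now installed on every default command line and seccomp_init(SCMP_ACT_KILL) as the default action, any syscall missing from seccomp_whitelist kills QEMU for users who never asked for sandboxing. The failure message here could name "-sandbox off" as the way to opt out, and the commit message should say how the whitelist was validated for default use.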