[LEDE-DEV,procd,03/17] Do not disable seccomp when configuration is not found

Message ID 20170912111250.31576-6-sojkam1@fel.cvut.cz
State Accepted
Headers show
Series
  • [LEDE-DEV,procd,01/17] utrace: Fix environment initialization
Related show

Commit Message

Michal Sojka Sept. 12, 2017, 11:12 a.m.
Previously, when seccomp configuration file for a service was not
found, the service was started without seccomp. I consider this
potential attack vector.

With this change, procd starts the service as if the configuration
existed but the service fails in libpreload-seccomp.so, because the
configuration cannot be loaded. This is announced in the syslog.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
---
 service/instance.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

Patch

diff --git a/service/instance.c b/service/instance.c
index bb766ea..dc7e3ca 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -873,15 +873,8 @@  instance_config_parse(struct service_instance *in)
 	if (tb[INSTANCE_ATTR_NO_NEW_PRIVS])
 		in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]);
 
-	if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) {
-		char *seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
-		struct stat s;
-
-		if (stat(seccomp, &s))
-			ERROR("%s: not starting seccomp as %s is missing\n", in->name, seccomp);
-		else
-			in->seccomp = seccomp;
-	}
+	if (!in->trace && tb[INSTANCE_ATTR_SECCOMP])
+		in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
 
 	if (tb[INSTANCE_ATTR_PIDFILE]) {
 		char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]);