From patchwork Fri Nov  3 21:31:41 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michal Sojka <sojkam1@fel.cvut.cz>
X-Patchwork-Id: 834115
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;
	helo=bombadil.infradead.org;
	envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="WYJ7JAbq";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3yTFZS0tB1z9s7C
	for <incoming@patchwork.ozlabs.org>;
	Sat,  4 Nov 2017 08:33:52 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=V70tzLhE7TbcvqoGIjcMMopSPZ7y0w/+kVZxOpq4ats=;
	b=WYJ7JAbqmy3a8d
	Zw64rhKDrA10w3cG9BZQckB5/G0lX003RdJkBljEUiWse7YXhgVQmKE4rZAmfEiopbBBabbpGtQLn
	psuXCCIaY5JiNm7B6LOaHeUs4euIHFcD+H6v4zG1ML6VnncUf6gja4+9FcmzfKGNipT1ixrdCe0ww
	Edlm6dym45/SZ8U5eQgDkkK+4P/p0LJFLndqly6AXGqNVG66gDNGUiO6C12H7QPwN7eDZH7AHVT00
	vmvWZhwmeKoXA//Njlq8wvZLmqvga2utosi8ltO+USWe62y0LL4vwl8FWqVZY+w+9AMg9OqYGGxY2
	n/CAXCMxWQ5xiNZAufFg==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1eAjaw-00078R-Sq; Fri, 03 Nov 2017 21:33:42 +0000
Received: from smtpx.feld.cvut.cz ([147.32.192.33])
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1eAjai-0006rN-37
	for lede-dev@lists.infradead.org; Fri, 03 Nov 2017 21:33:30 +0000
Received: from localhost (unknown [192.168.200.7])
	by smtpx.feld.cvut.cz (Postfix) with ESMTP id C59FADC3BE;
	Fri,  3 Nov 2017 22:33:06 +0100 (CET)
X-Virus-Scanned: IMAP STYX AMAVIS
Received: from smtpx.feld.cvut.cz ([192.168.200.6])
	by localhost (styx.feld.cvut.cz [192.168.200.7]) (amavisd-new,
	port 10054)
	with ESMTP id mKfbQrtPPQpD; Fri,  3 Nov 2017 22:33:05 +0100 (CET)
Received: from imap.feld.cvut.cz (imap.feld.cvut.cz [147.32.192.34])
	by smtpx.feld.cvut.cz (Postfix) with ESMTP id 29E64DC33A;
	Fri,  3 Nov 2017 22:33:05 +0100 (CET)
Received: from wsh by steelpick.2x.cz with local (Exim 4.89)
	(envelope-from <sojkam1@fel.cvut.cz>)
	id 1eAjaK-00039i-Ph; Fri, 03 Nov 2017 22:33:04 +0100
From: Michal Sojka <sojkam1@fel.cvut.cz>
To: lede-dev@lists.infradead.org,
	John Crispin <john@phrozen.org>
Date: Fri,  3 Nov 2017 22:31:41 +0100
Message-Id: <20171103213142.11928-1-sojkam1@fel.cvut.cz>
X-Mailer: git-send-email 2.15.0.rc2
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20171103_143328_448544_F2482D52 
X-CRM114-Status: UNSURE (   8.37  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -4.2 (----)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-4.2 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
	medium trust [147.32.192.33 listed in list.dnswl.org]
	-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
Subject: [LEDE-DEV] [PATCH procd] service: Start services normally when
	seccomp is disabled
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Bryan Mayland <bmayland+lede@capnbry.net>,
	Michal Sojka <sojkam1@fel.cvut.cz>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

When service init file declares seccomp support (procd_set_param seccomp),
but procd is compiled without seccomp support, the service should be
started normally, because seccomp-trace and utrace are not available.

Older procd versions decided about whether to start a service in
seccomp sandbox or not based on existence of seccomp whitelist in the
filesystem. This was recently removed (c8faedc "Do not disable seccomp
when configuration is not found", 2017-09-12) because it could be easy
for attackers to disable seccomp support. This changes is a follow-up
to the mentioned commit. With it, procd decides about whether to use
seccomp sandbox based only on compile-time configuration.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
---
 CMakeLists.txt     | 1 +
 service/instance.c | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7d05e97..4b3eebd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -88,6 +88,7 @@ ADD_CUSTOM_COMMAND(
 ADD_CUSTOM_TARGET(capabilities-names-h DEPENDS capabilities-names.h)
 
 IF(SECCOMP_SUPPORT)
+ADD_DEFINITIONS(-DSECCOMP_SUPPORT)
 ADD_LIBRARY(preload-seccomp SHARED jail/preload.c jail/seccomp.c)
 TARGET_LINK_LIBRARIES(preload-seccomp dl ubox blobmsg_json)
 INSTALL(TARGETS preload-seccomp
diff --git a/service/instance.c b/service/instance.c
index 7703686..29d6ea6 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -141,8 +141,6 @@ static const struct rlimit_name rlimit_names[] = {
 	{ NULL, 0 }
 };
 
-static char trace[] = "/sbin/utrace";
-
 static void closefd(int fd)
 {
 	if (fd > STDERR_FILENO)
@@ -315,10 +313,15 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
 	argv = alloca(sizeof(char *) * (argc + in->jail.argc));
 	argc = 0;
 
+#ifdef SECCOMP_SUPPORT
 	if (in->trace)
-		argv[argc++] = trace;
+		argv[argc++] = "/sbin/utrace";
 	else if (seccomp)
 		argv[argc++] = "/sbin/seccomp-trace";
+#else
+	if (in->trace || seccomp)
+		ULOG_WARN("Seccomp support for %s::%s not available\n", in->srv->name, in->name);
+#endif
 
 	if (in->has_jail)
 		argc = jail_run(in, argv);