diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2017-08-11 00:33:53 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-08-14 16:46:44 -0400 |
| commit | d612b1fd8010d0d67b5287fe146b8b55bcbb8655 (patch) | |
| tree | cadcaeebf71ffa28aced54e9fc8b7c0ee42cc6d3 /tools | |
| parent | 8e5f1ad116df6b0de65eac458d5e7c318d1c05af (diff) | |
seccomp: Operation for checking if an action is available
Userspace code that needs to check if the kernel supports a given action
may not be able to use the /proc/sys/kernel/seccomp/actions_avail
sysctl. The process may be running in a sandbox and, therefore,
sufficient filesystem access may not be available. This patch adds an
operation to the seccomp(2) syscall that allows userspace code to ask
the kernel if a given action is available.
If the action is supported by the kernel, 0 is returned. If the action
is not supported by the kernel, -1 is returned with errno set to
-EOPNOTSUPP. If this check is attempted on a kernel that doesn't support
this new operation, -1 is returned with errno set to -EINVAL meaning
that userspace code will have the ability to differentiate between the
two error cases.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/testing/selftests/seccomp/seccomp_bpf.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 2fb49d99588d..1f2888f6678b 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c | |||
| @@ -1731,6 +1731,10 @@ TEST_F_SIGNAL(TRACE_syscall, kill_after_ptrace, SIGSYS) | |||
| 1731 | #define SECCOMP_SET_MODE_FILTER 1 | 1731 | #define SECCOMP_SET_MODE_FILTER 1 |
| 1732 | #endif | 1732 | #endif |
| 1733 | 1733 | ||
| 1734 | #ifndef SECCOMP_GET_ACTION_AVAIL | ||
| 1735 | #define SECCOMP_GET_ACTION_AVAIL 2 | ||
| 1736 | #endif | ||
| 1737 | |||
| 1734 | #ifndef SECCOMP_FILTER_FLAG_TSYNC | 1738 | #ifndef SECCOMP_FILTER_FLAG_TSYNC |
| 1735 | #define SECCOMP_FILTER_FLAG_TSYNC 1 | 1739 | #define SECCOMP_FILTER_FLAG_TSYNC 1 |
| 1736 | #endif | 1740 | #endif |
| @@ -2469,6 +2473,38 @@ TEST(syscall_restart) | |||
| 2469 | _metadata->passed = 0; | 2473 | _metadata->passed = 0; |
| 2470 | } | 2474 | } |
| 2471 | 2475 | ||
| 2476 | TEST(get_action_avail) | ||
| 2477 | { | ||
| 2478 | __u32 actions[] = { SECCOMP_RET_KILL, SECCOMP_RET_TRAP, | ||
| 2479 | SECCOMP_RET_ERRNO, SECCOMP_RET_TRACE, | ||
| 2480 | SECCOMP_RET_ALLOW }; | ||
| 2481 | __u32 unknown_action = 0x10000000U; | ||
| 2482 | int i; | ||
| 2483 | long ret; | ||
| 2484 | |||
| 2485 | ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &actions[0]); | ||
| 2486 | ASSERT_NE(ENOSYS, errno) { | ||
| 2487 | TH_LOG("Kernel does not support seccomp syscall!"); | ||
| 2488 | } | ||
| 2489 | ASSERT_NE(EINVAL, errno) { | ||
| 2490 | TH_LOG("Kernel does not support SECCOMP_GET_ACTION_AVAIL operation!"); | ||
| 2491 | } | ||
| 2492 | EXPECT_EQ(ret, 0); | ||
| 2493 | |||
| 2494 | for (i = 0; i < ARRAY_SIZE(actions); i++) { | ||
| 2495 | ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &actions[i]); | ||
| 2496 | EXPECT_EQ(ret, 0) { | ||
| 2497 | TH_LOG("Expected action (0x%X) not available!", | ||
| 2498 | actions[i]); | ||
| 2499 | } | ||
| 2500 | } | ||
| 2501 | |||
| 2502 | /* Check that an unknown action is handled properly (EOPNOTSUPP) */ | ||
| 2503 | ret = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &unknown_action); | ||
| 2504 | EXPECT_EQ(ret, -1); | ||
| 2505 | EXPECT_EQ(errno, EOPNOTSUPP); | ||
| 2506 | } | ||
| 2507 | |||
| 2472 | /* | 2508 | /* |
| 2473 | * TODO: | 2509 | * TODO: |
| 2474 | * - add microbenchmarks | 2510 | * - add microbenchmarks |