When service init file declares seccomp support (procd_set_param seccomp),
but procd is compiled without seccomp support, the service should be
started normally, because seccomp-trace and utrace are not available.
Older procd versions decided about whether to start a service in
seccomp sandbox or not based on existence of seccomp whitelist in the
filesystem. This was recently removed (
c8faedc "Do not disable seccomp
when configuration is not found", 2017-09-12) because it could be easy
for attackers to disable seccomp support. This changes is a follow-up
to the mentioned commit. With it, procd decides about whether to use
seccomp sandbox based only on compile-time configuration.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
ADD_CUSTOM_TARGET(capabilities-names-h DEPENDS capabilities-names.h)
IF(SECCOMP_SUPPORT)
+ADD_DEFINITIONS(-DSECCOMP_SUPPORT)
ADD_LIBRARY(preload-seccomp SHARED jail/preload.c jail/seccomp.c)
TARGET_LINK_LIBRARIES(preload-seccomp dl ubox blobmsg_json)
INSTALL(TARGETS preload-seccomp
{ NULL, 0 }
};
-static char trace[] = "/sbin/utrace";
-
static void closefd(int fd)
{
if (fd > STDERR_FILENO)
argv = alloca(sizeof(char *) * (argc + in->jail.argc));
argc = 0;
+#ifdef SECCOMP_SUPPORT
if (in->trace)
- argv[argc++] = trace;
+ argv[argc++] = "/sbin/utrace";
else if (seccomp)
argv[argc++] = "/sbin/seccomp-trace";
+#else
+ if (in->trace || seccomp)
+ ULOG_WARN("Seccomp support for %s::%s not available\n", in->srv->name, in->name);
+#endif
if (in->has_jail)
argc = jail_run(in, argv);
projects / oweals / procd.git / commitdiff