Do not disable seccomp when configuration is not found

Previously, when seccomp configuration file for a service was not
found, the service was started without seccomp. I consider this
potential attack vector.

With this change, procd starts the service as if the configuration
existed but the service fails in libpreload-seccomp.so, because the
configuration cannot be loaded. This is announced in the syslog.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>

diff --git a/service/instance.c b/service/instance.c
index bb766ea99f9a19b5226a2d596faa2f98a8c5c192..dc7e3ca58ad2b1ffed1c8781f4118b658defcece 100644 (file)
--- a/service/instance.c
+++ b/service/instance.c
@@ -873,15 +873,8 @@ instance_config_parse(struct service_instance *in)
        if (tb[INSTANCE_ATTR_NO_NEW_PRIVS])
                in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]);
 
-       if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) {
-               char *seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
-               struct stat s;
-
-               if (stat(seccomp, &s))
-                       ERROR("%s: not starting seccomp as %s is missing\n", in->name, seccomp);
-               else
-                       in->seccomp = seccomp;
-       }
+       if (!in->trace && tb[INSTANCE_ATTR_SECCOMP])
+               in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
 
        if (tb[INSTANCE_ATTR_PIDFILE]) {
                char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]);