2 * Copyright (c) 2017, Google, Inc.
4 * Author: Han-Wen Nienhuys <hanwen@google.com>
6 * This source code is released for free distribution under the terms of the
7 * GNU General Public License version 2 or (at your option) any later version.
13 #include "interactive_p.h"
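/* Install a seccomp-bpf allow-list for the sandboxed process.
 *
 * Every syscall not listed in `allowed` hits the filter's default action
 * (SCMP_ACT_KILL), so the process is terminated on its first attempt to do
 * anything else.  Keep the list minimal: every entry widens what the
 * sandboxed code can do.
 *
 * Returns 0 when the filter was loaded, a negative libseccomp error code
 * when a rule could not be added or the filter could not be loaded, and -1
 * when the filter context itself could not be created.  The caller decides
 * how to react; this function only reports.
 */
int installSyscallFilter (void)
{
	/* Syscalls the sandboxed process may make, with the reason each one is
	 * needed.  fstat64/_llseek are the 32-bit ABI spellings of fstat/lseek;
	 * on ABIs without them the entry is a libseccomp pseudo-syscall (see
	 * the note at the rule loop below). */
	static const int allowed[] = {
		/* memory allocation (malloc/free/realloc) */
		SCMP_SYS (mmap),
		SCMP_SYS (munmap),
		SCMP_SYS (mremap),
		SCMP_SYS (brk),
		/* stdin/stdout traffic */
		SCMP_SYS (read),
		SCMP_SYS (write),
		/* process termination */
		SCMP_SYS (exit),
		SCMP_SYS (exit_group),
		/* The bowels of stdio want to know the size of a file, even for stdout. */
		SCMP_SYS (fstat),
		SCMP_SYS (fstat64),
		/* seems unnecessary, but this comes from
		 * main/parse.c:2764 : tagFilePosition (&tagfpos); */
		SCMP_SYS (lseek),
		SCMP_SYS (_llseek),
		/* libxml2 uses pthread_once, which in turn uses a futex */
		SCMP_SYS (futex),
	};

	// Use SCMP_ACT_TRAP to get a core dump.
	scmp_filter_ctx ctx = seccomp_init (SCMP_ACT_KILL);
	if (ctx == NULL)
	{
		error (WARNING, "Failed to initialize syscall filter");
		return -1;
	}

	int err = 0;
	for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
	{
		/* seccomp_rule_add (the non-"exact" variant) is best-effort across
		 * architectures, so a 32-bit-only entry is expected to be accepted or
		 * skipped rather than rejected on a 64-bit ABI -- TODO confirm against
		 * the libseccomp version in use.  Any other failure means an allow
		 * rule is missing, which would only surface later as the sandboxed
		 * process being killed on its first use of that syscall; refuse to
		 * load a partial filter instead. */
		err = seccomp_rule_add (ctx, SCMP_ACT_ALLOW, allowed[i], 0);
		if (err < 0)
		{
			error (WARNING, "Failed to add syscall filter rule");
			goto out;
		}
	}

	verbose ("Entering sandbox\n");
	err = seccomp_load (ctx);
	if (err < 0)
	{
		error (WARNING, "Failed to install syscall filter");
		/* Error handling is done in upper layer. */
	}

out:
	/* The kernel keeps its own copy of a loaded filter; the context is no
	 * longer needed on either path. */
	seccomp_release (ctx);
	return err;
}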
/* TODO: on OSX, Seatbelt
 * (https://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design)
 * should be used for equivalent functionality. */
75 int installSyscallFilter (void)