2 * QEMU seccomp mode 2 support with libseccomp
4 * Copyright IBM, Corp. 2012
7 * Eduardo Otubo <eotubo@br.ibm.com>
9 * This work is licensed under the terms of the GNU GPL, version 2. See
10 * the COPYING file in the top-level directory.
12 * Contributions after 2012-01-13 are licensed under the terms of the
13 * GNU GPL, version 2 or (at your option) any later version.
15 #include "qemu/osdep.h"
17 #include "sysemu/seccomp.h"
19 /* For some architectures (notably ARM) cacheflush is not supported until
20 * libseccomp 2.2.3, but configure enforces that we are using a more recent
21 * version on those hosts, so it is OK for this check to be less strict.
23 #if SCMP_VER_MAJOR >= 3
24 #define HAVE_CACHEFLUSH
25 #elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
26 #define HAVE_CACHEFLUSH
29 struct QemuSeccompSyscall
{
/*
 * Syscalls that seccomp_start() turns into SCMP_ACT_KILL rules.
 *
 * The filter is built on a default-allow base (seccomp_init(SCMP_ACT_ALLOW)
 * in seccomp_start()), so this table is a deny-list: any syscall absent from
 * it remains reachable.  It therefore only removes entry points QEMU has no
 * plausible use for; it does not confine QEMU to the syscalls it needs the
 * way an allow-list would.
 *
 * .num - the syscall number, resolved for the host architecture by SCMP_SYS()
 * .set - the group the entry belongs to; seccomp_start() tests this against
 *        the bits of its seccomp_opts argument to decide whether the rule is
 *        installed (the exact gating lives in code outside this excerpt)
 *
 * NOTE(review): the rules use SCMP_ACT_KILL, which libseccomp maps to
 * killing the offending thread; where the installed libseccomp offers
 * SCMP_ACT_KILL_PROCESS, that terminates the whole process -- worth
 * confirming which one the supported libseccomp versions provide.
 */
static const struct QemuSeccompSyscall blacklist[] = {
    /*
     * QEMU_SECCOMP_SET_DEFAULT: host-administration syscalls that a VM
     * process has no business calling (reboot, swap, mount, kexec, kernel
     * log) ...
     */
    { .num = SCMP_SYS(reboot),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(swapon),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(swapoff),         .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(syslog),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(mount),           .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(umount),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(kexec_load),      .set = QEMU_SECCOMP_SET_DEFAULT },
    /*
     * ... and syscall slots Linux reserves but does not implement (see
     * unimplemented(2)); denying them costs nothing and closes the slots
     * should a kernel ever wire them up.
     */
    { .num = SCMP_SYS(afs_syscall),     .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(break),           .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(ftime),           .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(getpmsg),         .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(gtty),            .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(lock),            .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(mpx),             .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(prof),            .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(profil),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(putpmsg),         .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(security),        .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(stty),            .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(tuxcall),         .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(ulimit),          .set = QEMU_SECCOMP_SET_DEFAULT },
    { .num = SCMP_SYS(vserver),         .set = QEMU_SECCOMP_SET_DEFAULT },

    /*
     * QEMU_SECCOMP_SET_OBSOLETE: legacy syscalls superseded by newer
     * interfaces; kept in a separate set so a caller can opt in or out of
     * denying them independently of the default group.
     */
    { .num = SCMP_SYS(readdir),         .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(_sysctl),         .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(bdflush),         .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(create_module),   .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(get_kernel_syms), .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(query_module),    .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(sgetmask),        .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(ssetmask),        .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(sysfs),           .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(uselib),          .set = QEMU_SECCOMP_SET_OBSOLETE },
    { .num = SCMP_SYS(ustat),           .set = QEMU_SECCOMP_SET_OBSOLETE },
};
73 int seccomp_start(uint32_t seccomp_opts
)
79 ctx
= seccomp_init(SCMP_ACT_ALLOW
);
85 for (i
= 0; i
< ARRAY_SIZE(blacklist
); i
++) {
86 if (!(seccomp_opts
& blacklist
[i
].set
)) {
90 rc
= seccomp_rule_add(ctx
, SCMP_ACT_KILL
, blacklist
[i
].num
, 0);
96 rc
= seccomp_load(ctx
);