1
2
3
4
5
6
7
8
9#include "qemu/osdep.h"
10#include "passthrough_seccomp.h"
11#include "fuse_i.h"
12#include "fuse_log.h"
13#include <seccomp.h>
14
15
16#if !defined(__SNR_ppoll) && defined(__SNR_brk)
17#ifdef __NR_ppoll
18#define __SNR_ppoll __NR_ppoll
19#else
20#define __SNR_ppoll __PNR_ppoll
21#endif
22#endif
23
24static const int syscall_allowlist[] = {
25
26 SCMP_SYS(brk),
27 SCMP_SYS(capget),
28 SCMP_SYS(capset),
29 SCMP_SYS(clock_gettime),
30 SCMP_SYS(clone),
31#ifdef __NR_clone3
32 SCMP_SYS(clone3),
33#endif
34 SCMP_SYS(close),
35 SCMP_SYS(copy_file_range),
36 SCMP_SYS(dup),
37 SCMP_SYS(eventfd2),
38 SCMP_SYS(exit),
39 SCMP_SYS(exit_group),
40 SCMP_SYS(fallocate),
41 SCMP_SYS(fchdir),
42 SCMP_SYS(fchmod),
43 SCMP_SYS(fchmodat),
44 SCMP_SYS(fchownat),
45 SCMP_SYS(fcntl),
46 SCMP_SYS(fdatasync),
47 SCMP_SYS(fgetxattr),
48 SCMP_SYS(flistxattr),
49 SCMP_SYS(flock),
50 SCMP_SYS(fremovexattr),
51 SCMP_SYS(fsetxattr),
52 SCMP_SYS(fstat),
53 SCMP_SYS(fstatfs),
54 SCMP_SYS(fstatfs64),
55 SCMP_SYS(fsync),
56 SCMP_SYS(ftruncate),
57 SCMP_SYS(futex),
58 SCMP_SYS(getdents),
59 SCMP_SYS(getdents64),
60 SCMP_SYS(getegid),
61 SCMP_SYS(geteuid),
62 SCMP_SYS(getpid),
63 SCMP_SYS(gettid),
64 SCMP_SYS(gettimeofday),
65 SCMP_SYS(getxattr),
66 SCMP_SYS(linkat),
67 SCMP_SYS(listxattr),
68 SCMP_SYS(lseek),
69 SCMP_SYS(_llseek),
70 SCMP_SYS(madvise),
71 SCMP_SYS(mkdirat),
72 SCMP_SYS(mknodat),
73 SCMP_SYS(mmap),
74 SCMP_SYS(mprotect),
75 SCMP_SYS(mremap),
76 SCMP_SYS(munmap),
77 SCMP_SYS(newfstatat),
78 SCMP_SYS(statx),
79 SCMP_SYS(open),
80 SCMP_SYS(openat),
81 SCMP_SYS(ppoll),
82 SCMP_SYS(prctl),
83 SCMP_SYS(preadv),
84 SCMP_SYS(pread64),
85 SCMP_SYS(pwritev),
86 SCMP_SYS(pwrite64),
87 SCMP_SYS(read),
88 SCMP_SYS(readlinkat),
89 SCMP_SYS(recvmsg),
90 SCMP_SYS(renameat),
91 SCMP_SYS(renameat2),
92 SCMP_SYS(removexattr),
93 SCMP_SYS(restart_syscall),
94#ifdef __NR_rseq
95 SCMP_SYS(rseq),
96#endif
97 SCMP_SYS(rt_sigaction),
98 SCMP_SYS(rt_sigprocmask),
99 SCMP_SYS(rt_sigreturn),
100 SCMP_SYS(sched_getattr),
101 SCMP_SYS(sched_setattr),
102 SCMP_SYS(sendmsg),
103 SCMP_SYS(setresgid),
104 SCMP_SYS(setresuid),
105#ifdef __NR_setresgid32
106 SCMP_SYS(setresgid32),
107#endif
108#ifdef __NR_setresuid32
109 SCMP_SYS(setresuid32),
110#endif
111 SCMP_SYS(set_robust_list),
112 SCMP_SYS(setxattr),
113 SCMP_SYS(sigreturn),
114 SCMP_SYS(symlinkat),
115 SCMP_SYS(syncfs),
116 SCMP_SYS(time),
117 SCMP_SYS(tgkill),
118 SCMP_SYS(unlinkat),
119 SCMP_SYS(unshare),
120 SCMP_SYS(utimensat),
121 SCMP_SYS(write),
122 SCMP_SYS(writev),
123 SCMP_SYS(umask),
124};
125
126
127static const int syscall_allowlist_syslog[] = {
128 SCMP_SYS(send),
129 SCMP_SYS(sendto),
130};
131
132static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
133{
134 size_t i;
135
136 for (i = 0; i < len; i++) {
137 if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) != 0) {
138 fuse_log(FUSE_LOG_ERR, "seccomp_rule_add syscall %d failed\n",
139 syscalls[i]);
140 exit(1);
141 }
142 }
143}
144
145void setup_seccomp(bool enable_syslog)
146{
147 scmp_filter_ctx ctx;
148
149#ifdef SCMP_ACT_KILL_PROCESS
150 ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
151
152 if (!ctx && errno == EOPNOTSUPP) {
153 ctx = seccomp_init(SCMP_ACT_TRAP);
154 }
155#else
156 ctx = seccomp_init(SCMP_ACT_TRAP);
157#endif
158 if (!ctx) {
159 fuse_log(FUSE_LOG_ERR, "seccomp_init() failed\n");
160 exit(1);
161 }
162
163 add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist));
164 if (enable_syslog) {
165 add_allowlist(ctx, syscall_allowlist_syslog,
166 G_N_ELEMENTS(syscall_allowlist_syslog));
167 }
168
169
170 if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOSYS),
171 SCMP_SYS(userfaultfd), 0) != 0) {
172 fuse_log(FUSE_LOG_ERR, "seccomp_rule_add userfaultfd failed\n");
173 exit(1);
174 }
175
176 if (seccomp_load(ctx) < 0) {
177 fuse_log(FUSE_LOG_ERR, "seccomp_load() failed\n");
178 exit(1);
179 }
180
181 seccomp_release(ctx);
182}
183