Rename our 'pledge' mechanism to 'vow'
Among other differences, pledge() from OpenBSD takes a string and has exec promises. We don't. Using the same name yet providing a different interface does not appear reasonable.
This commit is contained in:
parent
6420ca1b40
commit
55b43fdaac
652
exile.h
652
exile.h
@ -239,10 +239,10 @@ static inline int landlock_restrict_self(const int ruleset_fd,
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct syscall_pledge_map
|
struct syscall_vow_map
|
||||||
{
|
{
|
||||||
long syscall;
|
long syscall;
|
||||||
uint64_t pledgemask;
|
uint64_t vowmask;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct exile_path_policy
|
struct exile_path_policy
|
||||||
@ -292,29 +292,29 @@ is thus up to the default policy */
|
|||||||
|
|
||||||
|
|
||||||
/* Pledge definitions */
|
/* Pledge definitions */
|
||||||
#define EXILE_SYSCALL_PLEDGE_CHOWN ((uint64_t)1<<1)
|
#define EXILE_SYSCALL_VOW_CHOWN ((uint64_t)1<<1)
|
||||||
#define EXILE_SYSCALL_PLEDGE_CLONE ((uint64_t)1<<2)
|
#define EXILE_SYSCALL_VOW_CLONE ((uint64_t)1<<2)
|
||||||
#define EXILE_SYSCALL_PLEDGE_CPATH ((uint64_t)1<<3)
|
#define EXILE_SYSCALL_VOW_CPATH ((uint64_t)1<<3)
|
||||||
#define EXILE_SYSCALL_PLEDGE_DPATH ((uint64_t)1<<4)
|
#define EXILE_SYSCALL_VOW_DPATH ((uint64_t)1<<4)
|
||||||
#define EXILE_SYSCALL_PLEDGE_EXEC ((uint64_t)1<<5)
|
#define EXILE_SYSCALL_VOW_EXEC ((uint64_t)1<<5)
|
||||||
#define EXILE_SYSCALL_PLEDGE_FATTR ((uint64_t)1<<6)
|
#define EXILE_SYSCALL_VOW_FATTR ((uint64_t)1<<6)
|
||||||
#define EXILE_SYSCALL_PLEDGE_FSNOTIFY ((uint64_t)1<<7)
|
#define EXILE_SYSCALL_VOW_FSNOTIFY ((uint64_t)1<<7)
|
||||||
#define EXILE_SYSCALL_PLEDGE_ID ((uint64_t)1<<8)
|
#define EXILE_SYSCALL_VOW_ID ((uint64_t)1<<8)
|
||||||
#define EXILE_SYSCALL_PLEDGE_INET ((uint64_t)1<<9)
|
#define EXILE_SYSCALL_VOW_INET ((uint64_t)1<<9)
|
||||||
#define EXILE_SYSCALL_PLEDGE_IOCTL ((uint64_t)1<<10)
|
#define EXILE_SYSCALL_VOW_IOCTL ((uint64_t)1<<10)
|
||||||
#define EXILE_SYSCALL_PLEDGE_PRCTL ((uint64_t)1<<11)
|
#define EXILE_SYSCALL_VOW_PRCTL ((uint64_t)1<<11)
|
||||||
#define EXILE_SYSCALL_PLEDGE_PROC ((uint64_t)1<<12)
|
#define EXILE_SYSCALL_VOW_PROC ((uint64_t)1<<12)
|
||||||
#define EXILE_SYSCALL_PLEDGE_PROT_EXEC ((uint64_t)1<<13)
|
#define EXILE_SYSCALL_VOW_PROT_EXEC ((uint64_t)1<<13)
|
||||||
#define EXILE_SYSCALL_PLEDGE_RPATH ((uint64_t)1<<14)
|
#define EXILE_SYSCALL_VOW_RPATH ((uint64_t)1<<14)
|
||||||
#define EXILE_SYSCALL_PLEDGE_SCHED ((uint64_t)1<<15)
|
#define EXILE_SYSCALL_VOW_SCHED ((uint64_t)1<<15)
|
||||||
#define EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL ((uint64_t)1<<16)
|
#define EXILE_SYSCALL_VOW_SECCOMP_INSTALL ((uint64_t)1<<16)
|
||||||
#define EXILE_SYSCALL_PLEDGE_SHM ((uint64_t)1<<17)
|
#define EXILE_SYSCALL_VOW_SHM ((uint64_t)1<<17)
|
||||||
#define EXILE_SYSCALL_PLEDGE_STDIO ((uint64_t)1<<18)
|
#define EXILE_SYSCALL_VOW_STDIO ((uint64_t)1<<18)
|
||||||
#define EXILE_SYSCALL_PLEDGE_THREAD ((uint64_t)1<<19)
|
#define EXILE_SYSCALL_VOW_THREAD ((uint64_t)1<<19)
|
||||||
#define EXILE_SYSCALL_PLEDGE_UNIX ((uint64_t)1<<20)
|
#define EXILE_SYSCALL_VOW_UNIX ((uint64_t)1<<20)
|
||||||
#define EXILE_SYSCALL_PLEDGE_WPATH ((uint64_t)1<<21)
|
#define EXILE_SYSCALL_VOW_WPATH ((uint64_t)1<<21)
|
||||||
|
|
||||||
#define EXILE_SYSCALL_PLEDGE_DENY_ERROR ((uint64_t)1<<63)
|
#define EXILE_SYSCALL_VOW_DENY_ERROR ((uint64_t)1<<63)
|
||||||
|
|
||||||
|
|
||||||
#define EXILE_ARGFILTERS_COUNT 60
|
#define EXILE_ARGFILTERS_COUNT 60
|
||||||
@ -344,7 +344,7 @@ struct exile_policy
|
|||||||
char chroot_target_path[PATH_MAX];
|
char chroot_target_path[PATH_MAX];
|
||||||
const char *chdir_path;
|
const char *chdir_path;
|
||||||
|
|
||||||
uint64_t pledge_promises;
|
uint64_t vow_promises;
|
||||||
|
|
||||||
/* Do not manually add policies here, use exile_append_path_polic*() */
|
/* Do not manually add policies here, use exile_append_path_polic*() */
|
||||||
struct exile_path_policy *path_policies;
|
struct exile_path_policy *path_policies;
|
||||||
@ -357,273 +357,273 @@ struct exile_policy
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
static struct syscall_pledge_map exile_pledge_map[] =
|
static struct syscall_vow_map exile_vow_map[] =
|
||||||
{
|
{
|
||||||
{EXILE_SYS(read), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(read), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(write), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(write), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(open), EXILE_SYSCALL_PLEDGE_RPATH|EXILE_SYSCALL_PLEDGE_WPATH},
|
{EXILE_SYS(open), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH},
|
||||||
{EXILE_SYS(close), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(close), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(stat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(stat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(fstat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(fstat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(lstat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(lstat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(poll), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(poll), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(lseek), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(lseek), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mmap), EXILE_SYSCALL_PLEDGE_STDIO|EXILE_SYSCALL_PLEDGE_PROT_EXEC},
|
{EXILE_SYS(mmap), EXILE_SYSCALL_VOW_STDIO|EXILE_SYSCALL_VOW_PROT_EXEC},
|
||||||
{EXILE_SYS(mprotect), EXILE_SYSCALL_PLEDGE_STDIO|EXILE_SYSCALL_PLEDGE_PROT_EXEC},
|
{EXILE_SYS(mprotect), EXILE_SYSCALL_VOW_STDIO|EXILE_SYSCALL_VOW_PROT_EXEC},
|
||||||
{EXILE_SYS(munmap), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(munmap), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(brk), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(brk), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigaction), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigaction), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigprocmask), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigprocmask), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigreturn), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigreturn), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(ioctl), EXILE_SYSCALL_PLEDGE_STDIO|EXILE_SYSCALL_PLEDGE_IOCTL},
|
{EXILE_SYS(ioctl), EXILE_SYSCALL_VOW_STDIO|EXILE_SYSCALL_VOW_IOCTL},
|
||||||
{EXILE_SYS(pread64), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pread64), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(pwrite64), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pwrite64), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(readv), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(readv), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(writev), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(writev), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(access), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(access), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(pipe), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pipe), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(select), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(select), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sched_yield), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sched_yield), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mremap), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mremap), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(msync), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(msync), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mincore), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mincore), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(madvise), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(madvise), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(shmget), EXILE_SYSCALL_PLEDGE_SHM},
|
{EXILE_SYS(shmget), EXILE_SYSCALL_VOW_SHM},
|
||||||
{EXILE_SYS(shmat), EXILE_SYSCALL_PLEDGE_SHM},
|
{EXILE_SYS(shmat), EXILE_SYSCALL_VOW_SHM},
|
||||||
{EXILE_SYS(shmctl), EXILE_SYSCALL_PLEDGE_SHM},
|
{EXILE_SYS(shmctl), EXILE_SYSCALL_VOW_SHM},
|
||||||
{EXILE_SYS(dup), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(dup), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(dup2), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(dup2), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(pause), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pause), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(nanosleep), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(nanosleep), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getitimer), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getitimer), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(alarm), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(alarm), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setitimer), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(setitimer), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getpid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getpid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sendfile), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sendfile), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(socket), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(socket), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(connect), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(connect), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(accept), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(accept), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(sendto), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sendto), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(recvfrom), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(recvfrom), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sendmsg), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sendmsg), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(recvmsg), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(recvmsg), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(shutdown), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(shutdown), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(bind), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(bind), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(listen), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(listen), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(getsockname), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(getsockname), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(getpeername), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(getpeername), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(socketpair), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(socketpair), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setsockopt), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(setsockopt), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(getsockopt), EXILE_SYSCALL_PLEDGE_INET|EXILE_SYSCALL_PLEDGE_UNIX},
|
{EXILE_SYS(getsockopt), EXILE_SYSCALL_VOW_INET|EXILE_SYSCALL_VOW_UNIX},
|
||||||
{EXILE_SYS(clone), EXILE_SYSCALL_PLEDGE_CLONE|EXILE_SYSCALL_PLEDGE_THREAD},
|
{EXILE_SYS(clone), EXILE_SYSCALL_VOW_CLONE|EXILE_SYSCALL_VOW_THREAD},
|
||||||
{EXILE_SYS(fork), EXILE_SYSCALL_PLEDGE_CLONE},
|
{EXILE_SYS(fork), EXILE_SYSCALL_VOW_CLONE},
|
||||||
{EXILE_SYS(vfork), EXILE_SYSCALL_PLEDGE_CLONE},
|
{EXILE_SYS(vfork), EXILE_SYSCALL_VOW_CLONE},
|
||||||
{EXILE_SYS(execve), EXILE_SYSCALL_PLEDGE_EXEC},
|
{EXILE_SYS(execve), EXILE_SYSCALL_VOW_EXEC},
|
||||||
{EXILE_SYS(exit), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(exit), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(wait4), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(wait4), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(kill), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(kill), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(uname), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(uname), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(semget), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(semget), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(semop), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(semop), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(semctl), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(semctl), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(shmdt), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(shmdt), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(msgget), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(msgget), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(msgsnd), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(msgsnd), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(msgrcv), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(msgrcv), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(msgctl), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(msgctl), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fcntl), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(fcntl), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(flock), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(flock), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fsync), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(fsync), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fdatasync), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(fdatasync), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(truncate), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(truncate), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(ftruncate), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(ftruncate), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getdents), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(getdents), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(getcwd), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getcwd), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(chdir), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(chdir), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(fchdir), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(fchdir), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(rename), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(rename), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(mkdir), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(mkdir), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(rmdir), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(rmdir), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(creat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(creat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(link), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(link), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(unlink), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(unlink), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(symlink), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(symlink), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(readlink), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(readlink), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(chmod), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(chmod), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(fchmod), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(fchmod), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(chown), EXILE_SYSCALL_PLEDGE_CHOWN},
|
{EXILE_SYS(chown), EXILE_SYSCALL_VOW_CHOWN},
|
||||||
{EXILE_SYS(fchown), EXILE_SYSCALL_PLEDGE_CHOWN},
|
{EXILE_SYS(fchown), EXILE_SYSCALL_VOW_CHOWN},
|
||||||
{EXILE_SYS(lchown), EXILE_SYSCALL_PLEDGE_CHOWN},
|
{EXILE_SYS(lchown), EXILE_SYSCALL_VOW_CHOWN},
|
||||||
{EXILE_SYS(umask), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(umask), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(gettimeofday), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(gettimeofday), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getrlimit), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getrlimit), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getrusage), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getrusage), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sysinfo), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sysinfo), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(times), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(times), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getuid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getuid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getgid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getgid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setuid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setuid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(setgid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setgid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(geteuid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(geteuid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getegid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getegid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setpgid), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(setpgid), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(getppid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getppid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getpgrp), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getpgrp), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setsid), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(setsid), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(setreuid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setreuid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(setregid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setregid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(getgroups), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getgroups), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setgroups), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setgroups), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(setresuid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setresuid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(getresuid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getresuid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setresgid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setresgid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(getresgid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getresgid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getpgid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getpgid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setfsuid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setfsuid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(setfsgid), EXILE_SYSCALL_PLEDGE_ID},
|
{EXILE_SYS(setfsgid), EXILE_SYSCALL_VOW_ID},
|
||||||
{EXILE_SYS(getsid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getsid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(capget), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(capget), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigpending), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigpending), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigtimedwait), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigtimedwait), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigqueueinfo), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigqueueinfo), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(rt_sigsuspend), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(rt_sigsuspend), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(utime), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(utime), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(mknod), EXILE_SYSCALL_PLEDGE_DPATH},
|
{EXILE_SYS(mknod), EXILE_SYSCALL_VOW_DPATH},
|
||||||
{EXILE_SYS(uselib), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(uselib), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(ustat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(ustat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(statfs), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(statfs), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(fstatfs), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(fstatfs), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(getpriority), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getpriority), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(setpriority), EXILE_SYSCALL_PLEDGE_SCHED|EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(setpriority), EXILE_SYSCALL_VOW_SCHED|EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(sched_setparam), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_setparam), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_getparam), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_getparam), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_setscheduler), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_setscheduler), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_getscheduler), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_getscheduler), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_get_priority_max), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_get_priority_max), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_get_priority_min), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_get_priority_min), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_rr_get_interval), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_rr_get_interval), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(mlock), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mlock), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(munlock), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(munlock), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mlockall), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mlockall), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(munlockall), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(munlockall), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(vhangup), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(vhangup), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(prctl), EXILE_SYSCALL_PLEDGE_STDIO|EXILE_SYSCALL_PLEDGE_PRCTL|EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL},
|
{EXILE_SYS(prctl), EXILE_SYSCALL_VOW_STDIO|EXILE_SYSCALL_VOW_PRCTL|EXILE_SYSCALL_VOW_SECCOMP_INSTALL},
|
||||||
{EXILE_SYS(setrlimit), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(setrlimit), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(sync), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sync), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(gettid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(gettid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(readahead), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(readahead), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(setxattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(setxattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(lsetxattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(lsetxattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(fsetxattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(fsetxattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(getxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(getxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(lgetxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(lgetxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(fgetxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(fgetxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(listxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(listxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(llistxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(llistxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(flistxattr), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(flistxattr), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(removexattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(removexattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(lremovexattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(lremovexattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(fremovexattr), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(fremovexattr), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(tkill), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(tkill), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(time), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(time), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(futex), EXILE_SYSCALL_PLEDGE_THREAD},
|
{EXILE_SYS(futex), EXILE_SYSCALL_VOW_THREAD},
|
||||||
{EXILE_SYS(sched_getaffinity), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sched_getaffinity), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(set_thread_area), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(set_thread_area), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(get_thread_area), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(get_thread_area), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(lookup_dcookie), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(lookup_dcookie), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_create), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_create), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_ctl_old), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_ctl_old), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_wait_old), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_wait_old), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(remap_file_pages), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(remap_file_pages), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getdents64), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(getdents64), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(set_tid_address), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(set_tid_address), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(semtimedop), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(semtimedop), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fadvise64), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(fadvise64), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timer_create), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timer_create), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timer_settime), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timer_settime), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timer_gettime), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timer_gettime), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timer_getoverrun), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timer_getoverrun), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timer_delete), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timer_delete), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(clock_gettime), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(clock_gettime), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(clock_getres), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(clock_getres), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(clock_nanosleep), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(clock_nanosleep), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(exit_group), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(exit_group), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_wait), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_wait), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_ctl), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_ctl), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(tgkill), EXILE_SYSCALL_PLEDGE_PROC},
|
{EXILE_SYS(tgkill), EXILE_SYSCALL_VOW_PROC},
|
||||||
{EXILE_SYS(utimes), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(utimes), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(mbind), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mbind), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(get_mempolicy), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(get_mempolicy), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_open), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_open), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_unlink), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_unlink), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_timedsend), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_timedsend), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_timedreceive), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_timedreceive), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_notify), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_notify), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(mq_getsetattr), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mq_getsetattr), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(waitid), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(waitid), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(inotify_init), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(inotify_init), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(inotify_add_watch), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(inotify_add_watch), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(inotify_rm_watch), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(inotify_rm_watch), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(openat), EXILE_SYSCALL_PLEDGE_RPATH|EXILE_SYSCALL_PLEDGE_WPATH},
|
{EXILE_SYS(openat), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH},
|
||||||
{EXILE_SYS(mkdirat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(mkdirat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(mknodat), EXILE_SYSCALL_PLEDGE_DPATH},
|
{EXILE_SYS(mknodat), EXILE_SYSCALL_VOW_DPATH},
|
||||||
{EXILE_SYS(fchownat), EXILE_SYSCALL_PLEDGE_CHOWN},
|
{EXILE_SYS(fchownat), EXILE_SYSCALL_VOW_CHOWN},
|
||||||
{EXILE_SYS(futimesat), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(futimesat), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(newfstatat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(newfstatat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(unlinkat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(unlinkat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(renameat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(renameat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(linkat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(linkat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(symlinkat), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(symlinkat), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(readlinkat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(readlinkat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(fchmodat), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(fchmodat), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(faccessat), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(faccessat), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(pselect6), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pselect6), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(ppoll), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(ppoll), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(set_robust_list), EXILE_SYSCALL_PLEDGE_THREAD},
|
{EXILE_SYS(set_robust_list), EXILE_SYSCALL_VOW_THREAD},
|
||||||
{EXILE_SYS(get_robust_list), EXILE_SYSCALL_PLEDGE_THREAD},
|
{EXILE_SYS(get_robust_list), EXILE_SYSCALL_VOW_THREAD},
|
||||||
{EXILE_SYS(splice), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(splice), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(tee), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(tee), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sync_file_range), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sync_file_range), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(vmsplice), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(vmsplice), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(move_pages), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(move_pages), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(utimensat), EXILE_SYSCALL_PLEDGE_FATTR},
|
{EXILE_SYS(utimensat), EXILE_SYSCALL_VOW_FATTR},
|
||||||
{EXILE_SYS(epoll_pwait), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_pwait), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(signalfd), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(signalfd), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timerfd_create), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timerfd_create), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(eventfd), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(eventfd), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fallocate), EXILE_SYSCALL_PLEDGE_WPATH|EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(fallocate), EXILE_SYSCALL_VOW_WPATH|EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(timerfd_settime), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timerfd_settime), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(timerfd_gettime), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(timerfd_gettime), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(accept4), EXILE_SYSCALL_PLEDGE_UNIX|EXILE_SYSCALL_PLEDGE_INET},
|
{EXILE_SYS(accept4), EXILE_SYSCALL_VOW_UNIX|EXILE_SYSCALL_VOW_INET},
|
||||||
{EXILE_SYS(signalfd4), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(signalfd4), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(eventfd2), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(eventfd2), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_create1), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_create1), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(dup3), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(dup3), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(pipe2), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pipe2), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(inotify_init1), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(inotify_init1), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(preadv), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(preadv), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(pwritev), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(pwritev), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(recvmmsg), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(recvmmsg), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(fanotify_init), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(fanotify_init), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(fanotify_mark), EXILE_SYSCALL_PLEDGE_FSNOTIFY},
|
{EXILE_SYS(fanotify_mark), EXILE_SYSCALL_VOW_FSNOTIFY},
|
||||||
{EXILE_SYS(open_by_handle_at), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(open_by_handle_at), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(sendmmsg), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(sendmmsg), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(getcpu), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getcpu), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(sched_setattr), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_setattr), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(sched_getattr), EXILE_SYSCALL_PLEDGE_SCHED},
|
{EXILE_SYS(sched_getattr), EXILE_SYSCALL_VOW_SCHED},
|
||||||
{EXILE_SYS(renameat2), EXILE_SYSCALL_PLEDGE_CPATH},
|
{EXILE_SYS(renameat2), EXILE_SYSCALL_VOW_CPATH},
|
||||||
{EXILE_SYS(getrandom), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(getrandom), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(execveat), EXILE_SYSCALL_PLEDGE_EXEC},
|
{EXILE_SYS(execveat), EXILE_SYSCALL_VOW_EXEC},
|
||||||
{EXILE_SYS(mlock2), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(mlock2), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(copy_file_range), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(copy_file_range), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(statx), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(statx), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(clone3), EXILE_SYSCALL_PLEDGE_CLONE},
|
{EXILE_SYS(clone3), EXILE_SYSCALL_VOW_CLONE},
|
||||||
{EXILE_SYS(close_range), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(close_range), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(openat2), EXILE_SYSCALL_PLEDGE_RPATH|EXILE_SYSCALL_PLEDGE_WPATH},
|
{EXILE_SYS(openat2), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH},
|
||||||
{EXILE_SYS(faccessat2), EXILE_SYSCALL_PLEDGE_RPATH},
|
{EXILE_SYS(faccessat2), EXILE_SYSCALL_VOW_RPATH},
|
||||||
{EXILE_SYS(process_madvise), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(process_madvise), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(epoll_pwait2), EXILE_SYSCALL_PLEDGE_STDIO},
|
{EXILE_SYS(epoll_pwait2), EXILE_SYSCALL_VOW_STDIO},
|
||||||
{EXILE_SYS(futex_waitv), EXILE_SYSCALL_PLEDGE_THREAD}
|
{EXILE_SYS(futex_waitv), EXILE_SYSCALL_VOW_THREAD}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -679,16 +679,16 @@ int exile_append_syscall_default_policy(struct exile_policy *exile_policy, unsig
|
|||||||
return exile_append_syscall_policy(exile_policy, EXILE_SYSCALL_MATCH_ALL, default_policy, NULL, 0);
|
return exile_append_syscall_policy(exile_policy, EXILE_SYSCALL_MATCH_ALL, default_policy, NULL, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Returns, for the specific syscall, the correct sock_filter struct for the provided pledge_promises
|
/* Returns, for the specific syscall, the correct sock_filter struct for the provided vow_promises
|
||||||
|
|
||||||
Returns: 0 if none copied, otherwise the number of entries in "filter".
|
Returns: 0 if none copied, otherwise the number of entries in "filter".
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct sock_filter *filter , int *policy)
|
static int get_vow_argfilter(long syscall, uint64_t vow_promises, struct sock_filter *filter , int *policy)
|
||||||
{
|
{
|
||||||
|
|
||||||
/* How to read this:
|
/* How to read this:
|
||||||
* Keep in mind our default action is do deny, unless it's a syscall from an pledge promise. Then it will be
|
* Keep in mind our default action is do deny, unless it's a syscall from an vow promise. Then it will be
|
||||||
* accepted if the argument values are good (if we care about them at all).
|
* accepted if the argument values are good (if we care about them at all).
|
||||||
* EXILE_BPF_MATCH() means the argument value is good, and the syscall can be accepted
|
* EXILE_BPF_MATCH() means the argument value is good, and the syscall can be accepted
|
||||||
* EXILE_BPF_NO_MATCH() means the syscall won't be allowed because the value is illegal
|
* EXILE_BPF_NO_MATCH() means the syscall won't be allowed because the value is illegal
|
||||||
@ -760,25 +760,25 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
{
|
{
|
||||||
case EXILE_SYS(mmap):
|
case EXILE_SYS(mmap):
|
||||||
case EXILE_SYS(mprotect):
|
case EXILE_SYS(mprotect):
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_PROT_EXEC)
|
if(vow_promises & EXILE_SYSCALL_VOW_PROT_EXEC)
|
||||||
{
|
{
|
||||||
/* If prot exec is allowed, there is no need to filter anything here */
|
/* If prot exec is allowed, there is no need to filter anything here */
|
||||||
result = 0;
|
result = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_STDIO)
|
if(vow_promises & EXILE_SYSCALL_VOW_STDIO)
|
||||||
{
|
{
|
||||||
result = sizeof(mmap_no_exec)/sizeof(mmap_no_exec[0]);
|
result = sizeof(mmap_no_exec)/sizeof(mmap_no_exec[0]);
|
||||||
memcpy(filter, mmap_no_exec, sizeof(mmap_no_exec));
|
memcpy(filter, mmap_no_exec, sizeof(mmap_no_exec));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EXILE_SYS(ioctl):
|
case EXILE_SYS(ioctl):
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_IOCTL)
|
if(vow_promises & EXILE_SYSCALL_VOW_IOCTL)
|
||||||
{
|
{
|
||||||
result = 0;
|
result = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_STDIO)
|
if(vow_promises & EXILE_SYSCALL_VOW_STDIO)
|
||||||
{
|
{
|
||||||
result = sizeof(ioctl_default)/sizeof(ioctl_default[0]);
|
result = sizeof(ioctl_default)/sizeof(ioctl_default[0]);
|
||||||
memcpy(filter, ioctl_default, sizeof(ioctl_default));
|
memcpy(filter, ioctl_default, sizeof(ioctl_default));
|
||||||
@ -795,17 +795,17 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
open_rdonly[0].k = offsetof(struct seccomp_data, args[2]);
|
open_rdonly[0].k = offsetof(struct seccomp_data, args[2]);
|
||||||
}
|
}
|
||||||
/* The combination of those three implies no filtering of open args */
|
/* The combination of those three implies no filtering of open args */
|
||||||
if((pledge_promises & (EXILE_SYSCALL_PLEDGE_CPATH|EXILE_SYSCALL_PLEDGE_RPATH|EXILE_SYSCALL_PLEDGE_WPATH)) == (EXILE_SYSCALL_PLEDGE_CPATH|EXILE_SYSCALL_PLEDGE_RPATH|EXILE_SYSCALL_PLEDGE_WPATH))
|
if((vow_promises & (EXILE_SYSCALL_VOW_CPATH|EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH)) == (EXILE_SYSCALL_VOW_CPATH|EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH))
|
||||||
{
|
{
|
||||||
result = 0;
|
result = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* If cpath is legal, don't filter O_CREAT */
|
/* If cpath is legal, don't filter O_CREAT */
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_CPATH)
|
if(vow_promises & EXILE_SYSCALL_VOW_CPATH)
|
||||||
{
|
{
|
||||||
open_rdonly[1] = (struct sock_filter) EXILE_BPF_NOP;
|
open_rdonly[1] = (struct sock_filter) EXILE_BPF_NOP;
|
||||||
}
|
}
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_WPATH)
|
if(vow_promises & EXILE_SYSCALL_VOW_WPATH)
|
||||||
{
|
{
|
||||||
open_rdonly[2] = (struct sock_filter) EXILE_BPF_NOP;
|
open_rdonly[2] = (struct sock_filter) EXILE_BPF_NOP;
|
||||||
open_rdonly[3] = (struct sock_filter) EXILE_BPF_NOP;
|
open_rdonly[3] = (struct sock_filter) EXILE_BPF_NOP;
|
||||||
@ -820,12 +820,12 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
*policy = EXILE_SYSCALL_DENY_RET_ERROR;
|
*policy = EXILE_SYSCALL_DENY_RET_ERROR;
|
||||||
break;
|
break;
|
||||||
case EXILE_SYS(socket):
|
case EXILE_SYS(socket):
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_UNIX)
|
if(vow_promises & EXILE_SYSCALL_VOW_UNIX)
|
||||||
{
|
{
|
||||||
socket_filter[current_filter_index] = (struct sock_filter) EXILE_BPF_MATCH(AF_UNIX);
|
socket_filter[current_filter_index] = (struct sock_filter) EXILE_BPF_MATCH(AF_UNIX);
|
||||||
++current_filter_index;
|
++current_filter_index;
|
||||||
}
|
}
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_INET)
|
if(vow_promises & EXILE_SYSCALL_VOW_INET)
|
||||||
{
|
{
|
||||||
socket_filter[current_filter_index] = (struct sock_filter) EXILE_BPF_MATCH(AF_INET);
|
socket_filter[current_filter_index] = (struct sock_filter) EXILE_BPF_MATCH(AF_INET);
|
||||||
++current_filter_index;
|
++current_filter_index;
|
||||||
@ -841,7 +841,7 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
memcpy(filter, setsockopt_filter, sizeof(setsockopt_filter));
|
memcpy(filter, setsockopt_filter, sizeof(setsockopt_filter));
|
||||||
break;
|
break;
|
||||||
case EXILE_SYS(clone):
|
case EXILE_SYS(clone):
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_CLONE)
|
if(vow_promises & EXILE_SYSCALL_VOW_CLONE)
|
||||||
{
|
{
|
||||||
result = 0;
|
result = 0;
|
||||||
break;
|
break;
|
||||||
@ -850,19 +850,19 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
memcpy(filter, clone_filter, sizeof(clone_filter));
|
memcpy(filter, clone_filter, sizeof(clone_filter));
|
||||||
break;
|
break;
|
||||||
case EXILE_SYS(clone3):
|
case EXILE_SYS(clone3):
|
||||||
if((pledge_promises & EXILE_SYSCALL_PLEDGE_CLONE) == 0)
|
if((vow_promises & EXILE_SYSCALL_VOW_CLONE) == 0)
|
||||||
{
|
{
|
||||||
result = 0;
|
result = 0;
|
||||||
*policy = EXILE_SYSCALL_DENY_RET_ERROR;
|
*policy = EXILE_SYSCALL_DENY_RET_ERROR;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EXILE_SYS(prctl):
|
case EXILE_SYS(prctl):
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_PRCTL)
|
if(vow_promises & EXILE_SYSCALL_VOW_PRCTL)
|
||||||
{
|
{
|
||||||
result = 0;
|
result = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if(pledge_promises & EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL)
|
if(vow_promises & EXILE_SYSCALL_VOW_SECCOMP_INSTALL)
|
||||||
{
|
{
|
||||||
prctl_default[3] = (struct sock_filter) EXILE_BPF_MATCH(PR_SET_SECCOMP);
|
prctl_default[3] = (struct sock_filter) EXILE_BPF_MATCH(PR_SET_SECCOMP);
|
||||||
}
|
}
|
||||||
@ -873,28 +873,28 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
int exile_append_pledge_promises(struct exile_policy *policy, uint64_t pledge_promises)
|
int exile_append_vow_promises(struct exile_policy *policy, uint64_t vow_promises)
|
||||||
{
|
{
|
||||||
for(unsigned int i = 0; i < sizeof(exile_pledge_map)/sizeof(exile_pledge_map[0]); i++)
|
for(unsigned int i = 0; i < sizeof(exile_vow_map)/sizeof(exile_vow_map[0]); i++)
|
||||||
{
|
{
|
||||||
struct syscall_pledge_map *current_map = &exile_pledge_map[i];
|
struct syscall_vow_map *current_map = &exile_vow_map[i];
|
||||||
if(current_map->pledgemask & pledge_promises)
|
if(current_map->vowmask & vow_promises)
|
||||||
{
|
{
|
||||||
struct sock_filter filter[EXILE_ARGFILTERS_COUNT];
|
struct sock_filter filter[EXILE_ARGFILTERS_COUNT];
|
||||||
long syscall = current_map->syscall;
|
long syscall = current_map->syscall;
|
||||||
int syscall_policy = EXILE_SYSCALL_ALLOW;
|
int syscall_policy = EXILE_SYSCALL_ALLOW;
|
||||||
int argfilters = get_pledge_argfilter(syscall, pledge_promises, filter, &syscall_policy);
|
int argfilters = get_vow_argfilter(syscall, vow_promises, filter, &syscall_policy);
|
||||||
int ret = exile_append_syscall_policy(policy, syscall, syscall_policy, filter, argfilters);
|
int ret = exile_append_syscall_policy(policy, syscall, syscall_policy, filter, argfilters);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("Failed adding syscall policy from pledge while processing %li\n", syscall);
|
EXILE_LOG_ERROR("Failed adding syscall policy from vow while processing %li\n", syscall);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
int pledge_policy = (pledge_promises & EXILE_SYSCALL_PLEDGE_DENY_ERROR) ? EXILE_SYSCALL_DENY_RET_ERROR : EXILE_SYSCALL_DENY_KILL_PROCESS;
|
int vow_policy = (vow_promises & EXILE_SYSCALL_VOW_DENY_ERROR) ? EXILE_SYSCALL_DENY_RET_ERROR : EXILE_SYSCALL_DENY_KILL_PROCESS;
|
||||||
return exile_append_syscall_default_policy(policy, pledge_policy);
|
return exile_append_syscall_default_policy(policy, vow_policy);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Creates an empty policy struct without opinionated defaults.
|
/* Creates an empty policy struct without opinionated defaults.
|
||||||
@ -1829,12 +1829,12 @@ int exile_enable_policy(struct exile_policy *policy)
|
|||||||
close(landlock_ruleset_fd);
|
close(landlock_ruleset_fd);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(policy->pledge_promises != 0)
|
if(policy->vow_promises != 0)
|
||||||
{
|
{
|
||||||
int ret = exile_append_pledge_promises(policy, policy->pledge_promises);
|
int ret = exile_append_vow_promises(policy, policy->vow_promises);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("exile_append_pledge_promises() failed: %i\n", ret);
|
EXILE_LOG_ERROR("exile_append_vow_promises() failed: %i\n", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1850,26 +1850,26 @@ int exile_enable_policy(struct exile_policy *policy)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* Convenience wrapper for the pledge-related subset of exile.h
|
/* Convenience wrapper for the vow-related subset of exile.h
|
||||||
*
|
*
|
||||||
* Only installs seccomp filters for the specified pledge promises.
|
* Only installs seccomp filters for the specified vow promises.
|
||||||
*
|
*
|
||||||
* Useful if only pledge is required from exile.h, but nothing else
|
* Useful if only vow is required from exile.h, but nothing else
|
||||||
*
|
*
|
||||||
* As with OpenBSD's, subsequent calls can only reduce allowed syscalls.
|
* Comparable with OpenBSD's pledge(), subsequent calls can only reduce allowed syscalls.
|
||||||
*
|
*
|
||||||
* Here, adding more promises than a previous call set may return success, but
|
* Here, adding more promises than a previous call set may return success, but
|
||||||
* won't be allowed during execution.
|
* won't be allowed during execution.
|
||||||
*
|
*
|
||||||
* Due to the nature of seccomp, it's furthermore required the EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL promise
|
* Due to the nature of seccomp, it's furthermore required the EXILE_SYSCALL_VOW_SECCOMP_INSTALL promise
|
||||||
* is set if further calls are expected. Generally, it's reasonable for the last call to
|
* is set if further calls are expected. Generally, it's reasonable for the last call to
|
||||||
* exile_pledge() a program makes to not set EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL.
|
* exile_vow() a program makes to not set EXILE_SYSCALL_VOW_SECCOMP_INSTALL.
|
||||||
*
|
*
|
||||||
* There are no seperate exec_promises. All children of the process inherit the filter.
|
* There are no seperate exec_promises. All children of the process inherit the filter.
|
||||||
* .
|
* .
|
||||||
* Return value: 0 on success, any other value on failure.
|
* Return value: 0 on success, any other value on failure.
|
||||||
*/
|
*/
|
||||||
int exile_pledge(uint64_t promises)
|
int exile_vow(uint64_t promises)
|
||||||
{
|
{
|
||||||
struct __user_cap_header_struct h = { 0 };
|
struct __user_cap_header_struct h = { 0 };
|
||||||
h.pid = 0;
|
h.pid = 0;
|
||||||
@ -1894,7 +1894,7 @@ int exile_pledge(uint64_t promises)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
policy->pledge_promises = promises;
|
policy->vow_promises = promises;
|
||||||
if((cap[0].effective & (1<<CAP_SYS_ADMIN)) == 0)
|
if((cap[0].effective & (1<<CAP_SYS_ADMIN)) == 0)
|
||||||
{
|
{
|
||||||
policy->no_new_privs = 1;
|
policy->no_new_privs = 1;
|
||||||
|
36
test.c
36
test.c
@ -282,10 +282,10 @@ int test_seccomp_argfilter_mixed()
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int do_test_seccomp_pledge_socket()
|
int do_test_seccomp_vow_socket()
|
||||||
{
|
{
|
||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
policy->pledge_promises = EXILE_SYSCALL_PLEDGE_STDIO | EXILE_SYSCALL_PLEDGE_INET | EXILE_SYSCALL_PLEDGE_DENY_ERROR;
|
policy->vow_promises = EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_INET | EXILE_SYSCALL_VOW_DENY_ERROR;
|
||||||
xexile_enable_policy(policy);
|
xexile_enable_policy(policy);
|
||||||
|
|
||||||
int s = socket(AF_INET, SOCK_STREAM, 0);
|
int s = socket(AF_INET, SOCK_STREAM, 0);
|
||||||
@ -303,10 +303,10 @@ int do_test_seccomp_pledge_socket()
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int do_test_seccomp_pledge_open()
|
int do_test_seccomp_vow_open()
|
||||||
{
|
{
|
||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
policy->pledge_promises = EXILE_SYSCALL_PLEDGE_STDIO | EXILE_SYSCALL_PLEDGE_RPATH | EXILE_SYSCALL_PLEDGE_DENY_ERROR;
|
policy->vow_promises = EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_DENY_ERROR;
|
||||||
xexile_enable_policy(policy);
|
xexile_enable_policy(policy);
|
||||||
|
|
||||||
int ret = open("/dev/urandom", O_WRONLY | O_APPEND);
|
int ret = open("/dev/urandom", O_WRONLY | O_APPEND);
|
||||||
@ -330,30 +330,30 @@ int do_test_seccomp_pledge_open()
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int test_seccomp_pledge()
|
int test_seccomp_vow()
|
||||||
{
|
{
|
||||||
int ret = test_successful_exit(&do_test_seccomp_pledge_open);
|
int ret = test_successful_exit(&do_test_seccomp_vow_open);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
printf("Failed: do_test_seccomp_pledge_open()\n");
|
printf("Failed: do_test_seccomp_vow_open()\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
ret = test_successful_exit(&do_test_seccomp_pledge_socket);
|
ret = test_successful_exit(&do_test_seccomp_vow_socket);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
printf("Failed: do_test_seccomp_pledge_socket()\n");
|
printf("Failed: do_test_seccomp_vow_socket()\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int test_seccomp_exile_pledge_multiple()
|
int test_seccomp_exile_vow_multiple()
|
||||||
{
|
{
|
||||||
|
|
||||||
int ret = exile_pledge(EXILE_SYSCALL_PLEDGE_STDIO | EXILE_SYSCALL_PLEDGE_UNIX | EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL | EXILE_SYSCALL_PLEDGE_DENY_ERROR);
|
int ret = exile_vow(EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_SECCOMP_INSTALL | EXILE_SYSCALL_VOW_DENY_ERROR);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
printf("Failed: exile_pledge() call 1 failed\n");
|
printf("Failed: exile_vow() call 1 failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
int s = socket(AF_UNIX, SOCK_STREAM, 0);
|
int s = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
@ -364,10 +364,10 @@ int test_seccomp_exile_pledge_multiple()
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Let's take away unix sockets, so it should not be possible anymore */
|
/* Let's take away unix sockets, so it should not be possible anymore */
|
||||||
ret = exile_pledge(EXILE_SYSCALL_PLEDGE_STDIO | EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL | EXILE_SYSCALL_PLEDGE_DENY_ERROR);
|
ret = exile_vow(EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_SECCOMP_INSTALL | EXILE_SYSCALL_VOW_DENY_ERROR);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
printf("Failed: exile_pledge() call 2 failed\n");
|
printf("Failed: exile_vow() call 2 failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
s = socket(AF_UNIX, SOCK_STREAM, 0);
|
s = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
@ -378,10 +378,10 @@ int test_seccomp_exile_pledge_multiple()
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Let's try to regain unix sockets again */
|
/* Let's try to regain unix sockets again */
|
||||||
ret = exile_pledge(EXILE_SYSCALL_PLEDGE_STDIO | EXILE_SYSCALL_PLEDGE_UNIX | EXILE_SYSCALL_PLEDGE_SECCOMP_INSTALL | EXILE_SYSCALL_PLEDGE_DENY_ERROR);
|
ret = exile_vow(EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_SECCOMP_INSTALL | EXILE_SYSCALL_VOW_DENY_ERROR);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
printf("Failed: exile_pledge() call 3 failed\n");
|
printf("Failed: exile_vow() call 3 failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
s = socket(AF_UNIX, SOCK_STREAM, 0);
|
s = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
@ -503,8 +503,8 @@ struct dispatcher dispatchers[] = {
|
|||||||
{ "seccomp-argfilter-allowed", &test_seccomp_argfilter_allowed},
|
{ "seccomp-argfilter-allowed", &test_seccomp_argfilter_allowed},
|
||||||
{ "seccomp-argfilter-filtered", &test_seccomp_argfilter_filtered},
|
{ "seccomp-argfilter-filtered", &test_seccomp_argfilter_filtered},
|
||||||
{ "seccomp-argfilter-mixed", &test_seccomp_argfilter_mixed},
|
{ "seccomp-argfilter-mixed", &test_seccomp_argfilter_mixed},
|
||||||
{ "seccomp-pledge", &test_seccomp_pledge},
|
{ "seccomp-vow", &test_seccomp_vow},
|
||||||
{ "seccomp-pledge-exile_pledge-multi", &test_seccomp_exile_pledge_multiple},
|
{ "seccomp-vow-exile_vow-multi", &test_seccomp_exile_vow_multiple},
|
||||||
{ "landlock", &test_landlock},
|
{ "landlock", &test_landlock},
|
||||||
{ "landlock-deny-write", &test_landlock_deny_write },
|
{ "landlock-deny-write", &test_landlock_deny_write },
|
||||||
{ "no_fs", &test_nofs},
|
{ "no_fs", &test_nofs},
|
||||||
|
Loading…
Reference in New Issue
Block a user