5cd45c09b7
bpf: Use SECCOMP_RET_KILL_PROCESS instead of SECCOMP_RET_KILL
We generally want to kill the process not the thread.
2021-08-12 11:40:29 +02:00
fa06287b13
Use new qssb_append_*_syscall functions, remove old fields
2021-08-12 11:37:19 +02:00
68694723fe
Begin qssb_append_*_syscall family of functions
The purpose of these new functions is to make it simpler for users
to add new syscalls to the whitelist and blacklist.
The current approach uses a user-supplied pointer which however
was difficult to manage with "no_fs", which may add system calls
to the blacklist. Then we must resize arrays, and suddenly
it's our job to free them.
As a bonus, implementing them here allows easier data structure
changes and decreases the chances that users of this API
do something wrong, like forgetting -1 at the end, etc.
2021-08-12 11:37:19 +02:00
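The two commits above (SECCOMP_RET_KILL_PROCESS as the default action, and a library-managed syscall list instead of a caller-supplied -1 terminated array) fit together in one small piece of code. The following is an added example, not qssb's own code: the names syscall_list, syscall_list_append, build_whitelist_filter, install_filter and run_filter are illustrative, and the filter layout (arch check, one JEQ per whitelisted number, default KILL_PROCESS) is a generic seccomp-bpf whitelist rather than qssb's actual program. The interpreter at the end lets a filter be checked without installing it.

```c
/* Added example, not qssb's code. Illustrative names throughout. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS     /* older UAPI headers lack it */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#if defined(__x86_64__)
#define EXAMPLE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Growable list owned by the library: presets (a "no_fs"-style option) can append
 * entries and the caller never resizes arrays or remembers a -1 sentinel. */
struct syscall_list { long *nrs; size_t count, capacity; };

int syscall_list_append(struct syscall_list *l, long nr)
{
    for (size_t i = 0; i < l->count; i++)
        if (l->nrs[i] == nr) return 0;       /* duplicate: keep the filter short */
    if (l->count == l->capacity) {
        size_t cap = l->capacity ? 2 * l->capacity : 8;
        long *p = realloc(l->nrs, cap * sizeof *p);
        if (!p) return -1;
        l->nrs = p; l->capacity = cap;
    }
    l->nrs[l->count++] = nr;
    return 0;
}

void syscall_list_free(struct syscall_list *l)
{
    free(l->nrs); l->nrs = NULL; l->count = l->capacity = 0;
}

/* Layout: [0] load arch, [1] arch ok -> skip kill, [2] kill, [3] load nr,
 * [4..4+count) one JEQ per whitelisted nr jumping to ALLOW, then KILL, then ALLOW.
 * Returns the instruction count and a malloc'd program in *out (0/NULL on error). */
size_t build_whitelist_filter(const struct syscall_list *l, struct sock_filter **out)
{
    *out = NULL;
    if (l->count == 0 || l->count > 255) return 0;   /* jt is a uint8_t */
    size_t n = l->count + 6;
    struct sock_filter *p = calloc(n, sizeof *p);
    if (!p) return 0;
    p[0] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    p[1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_ARCH, 1, 0);
    p[2] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    p[3] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < l->count; i++)  /* jt = distance to ALLOW at index count+5 */
        p[4 + i] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (uint32_t)l->nrs[i], (uint8_t)(l->count - i), 0);
    /* KILL_PROCESS, not KILL (== KILL_THREAD): the latter only terminates the
     * offending thread of a multithreaded program, the others keep running. */
    p[4 + l->count] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    p[5 + l->count] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    *out = p;
    return n;
}

/* Installs on the calling thread only; a multithreaded process should use
 * seccomp(2) with SECCOMP_FILTER_FLAG_TSYNC so every thread is covered. */
int install_filter(struct sock_filter *p, size_t n)
{
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = p };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Interpreter for the three cBPF opcodes used above, to test a filter offline. */
uint32_t run_filter(const struct sock_filter *p, size_t n, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (const char *)d + p[pc].k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case BPF_RET | BPF_K: return p[pc].k;
        default: return SECCOMP_RET_KILL_PROCESS;  /* unknown opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

int main(void)
{
    struct syscall_list l = {0};
    long allow[] = { SYS_read, SYS_write, SYS_exit, SYS_exit_group };
    for (size_t i = 0; i < sizeof allow / sizeof *allow; i++)
        if (syscall_list_append(&l, allow[i])) return 1;
    struct sock_filter *p;
    size_t n = build_whitelist_filter(&l, &p);
    if (!n || install_filter(p, n)) return 1;
    write(1, "sandboxed\n", 10);   /* allowed; any other syscall kills the whole process */
    _exit(0);                      /* exit_group, whitelisted */
}
```

Once the filter is installed nothing else may be freed or opened, which is why main does not release the list: the allocator would need brk or munmap. Testing the program with run_filter before install_filter is the cheap way to catch an off-by-one in the jump offsets, which the kernel would otherwise report only as a dead process.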
4a4d551e75
Introduce "no_fs" and "no_new_fd" options.
no_fs is a simple way to take away all
FS access, without constructing path_policies etc.
no_new_fd disallows opening any new
file descriptors
2021-08-10 16:58:43 +02:00
57238b535c
Expand disallowed system calls
Relevant: #8
2021-08-10 16:57:44 +02:00
b4e8116c20
seccomp_enable_whitelist(): Fix comment
2021-08-10 16:55:58 +02:00
75f607bc35
qssb_append_path_policies(): Add explicit type cast for c++
2021-08-07 12:05:58 +02:00
a585db7778
qssb_free_policy(): Allow passing NULL
2021-06-08 22:04:46 +02:00
55ec51ba21
Improve and add functions comments
2021-06-08 22:04:46 +02:00
ade022ba62
update README
2021-06-08 22:04:26 +02:00
c57c79fa36
test: Log output of individual tests
2021-06-06 09:27:45 +02:00
5138d88b12
test: Count succeeded/failed tests
2021-06-06 09:02:30 +02:00
b8d6c78780
test: Rename fail(), echogreen()
2021-06-06 08:57:24 +02:00
a7c04537f7
Rename allowed_syscalls to whitelisted_syscalls for consistency
2021-06-05 20:15:09 +02:00
85c01899a9
Start implementing tests
2021-06-05 20:11:07 +02:00
0b13f551f4
Fix stray = in #define
2021-06-05 14:03:42 +02:00
bb07b95993
Fix stray semicolon
2021-06-05 11:55:59 +02:00
d070268fca
Add more system calls to blacklist
2021-05-29 23:15:04 +02:00
d6f4a37de8
Remove unused qssb_end_policy()
2021-05-22 22:36:01 +02:00
afb429e124
qssb_policy: Remove unused syscall_default_policy member
2021-05-22 22:35:26 +02:00
946492c28e
qssb_free_policy(): free path policies
2021-05-22 20:05:31 +02:00
ad9c391e3f
QSSB_FS_ALLOW_WRITE does not imply ALLOW_READ anymore
Landlock can handle write access without it implying read access,
in contrast to the existing bind mounts solution. Hence, remove
ALLOW_READ from ALLOW_WRITE bitmask.
2021-05-22 20:05:31 +02:00
fcebed557c
Add qssb_append_path_polic{ies,y}: Convenience function to add path policies
2021-05-22 20:05:25 +02:00
bb02e40101
Begin landlock support
2021-05-15 23:30:05 +02:00
7e2d4139cb
Begin check_policy_sanity(): Checks whether policy is reasonable
Issue: #3
2021-05-09 12:59:58 +02:00
6e6812e13d
Introduce mount_path_policies_to_chroot option, changing path_policy enforcement logic
Previously, we needed chroot and bind mounts to enforce path_policies. Therefore,
in the presence of path policies, we had to explicitly create a chroot
dir.
With the coming landlock support, this is not required anymore.
However, one might still want to chroot and bind mount flags. But
path policies don't dictate that anymore.
2021-05-09 12:59:58 +02:00
edf144bbc7
Allow overriding HAVE_LANDLOCK irrespective of kernel version
2021-05-09 12:59:58 +02:00
67e1afc904
Remove unused policy flag QSSB_FS_ALLOW_NOTHING
2021-05-09 12:59:58 +02:00
2c94fe8225
qssb_path_policy: rename 'mountpoint' to 'path', make 'policy' unsigned
2021-05-09 12:59:58 +02:00
4674638e9a
Add landlock policy flags if landlock is supported
2021-05-09 12:59:58 +02:00
8697fd8b84
qssb.h: Add copyright header
2021-05-09 10:02:31 +02:00
ed6a2a1067
Rename general QSSB_MOUNT* flags to QSSB_FS*
2021-05-09 09:35:17 +02:00
9df2e9ee90
seccomp_enable(): Replace param types with correct unsigned int versions
2021-04-18 13:24:49 +02:00
23f697bcc9
Update README.md: Update example projects links, minor improvements
2020-09-26 17:23:51 +02:00
763c65c3fe
qssb_enable_policy: check for empty str instead of NULL ptr
This was missed in 0a851790b8
2020-09-26 16:09:43 +02:00
dbdb35db37
Remove wrong static keywords from some qssb_*_policy functions
2020-04-13 23:00:33 +02:00
0a851790b8
change chroot_target_path from pointer to array
...
Fixes memory leak.
Breaks existing API.
2020-04-13 22:50:30 +02:00
60776be416
only chdir to / by default when actually chrooting and no dir given
2019-12-07 23:44:55 +01:00
ff2bc24c6b
only create chroot directory when path policies are available
2019-12-07 23:26:27 +01:00
7547644013
silence multiple compiler warnings
2019-11-17 15:13:25 +01:00
8f104a231c
bugfix: qssb_enable_policy: pointer to stack-local variable
2019-11-17 12:50:27 +01:00
fbf51e095f
introduce path policies, replacing readonly/writable paths vars
2019-11-16 23:35:08 +01:00
1b8504c052
updated README
2019-11-15 21:53:26 +01:00
6f1b27ee51
qssb_init_policy: explicit cast (for C++)
2019-11-15 21:40:56 +01:00
ee6bd18027
begin a default blacklist of syscalls
2019-11-15 21:17:33 +01:00
8298a30e7c
make PATH_MAX consistent across all buffers throughout the code
2019-11-10 12:29:53 +01:00
338e578350
seccomp_enable: fix unused default_action parameter
2019-11-10 12:10:37 +01:00
069349eaf6
generate a random directory for chroot if none given
2019-11-10 12:08:35 +01:00
1de1ae0b32
introduce bitmasks indicating which namespaces to unshare
2019-11-09 21:13:40 +01:00
bad600b3a8
set #defines only if not set already
2019-11-09 20:55:12 +01:00