virtiofsd: add seccomp whitelist Only allow system calls that are needed by virtiofsd. All other system calls cause SIGSYS to be directed at the thread and the process will coredump. Restricting system calls reduces the kernel attack surface and limits what the process can do when compromised. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> with additional entries by: Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com> Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com> Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: piaojun <piaojun@huawei.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Eric Ren <renzhen@linux.alibaba.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

commit: 4f8bde99c175ffd86b5125098a4707d43f5e80c6 [log] [tgz]
author: Stefan Hajnoczi <stefanha@redhat.com> Wed Mar 13 09:32:51 2019 +0000
committer: Dr. David Alan Gilbert <dgilbert@redhat.com> Thu Jan 23 16:41:37 2020 +0000
tree: dff3e147bad537c6308fccd1e3f5d89a2e1327c8
parent: 8e1d4ef231d8327be219f7aea7aa15d181375bbc [diff] [blame]
diff --git a/tools/virtiofsd/seccomp.h b/tools/virtiofsd/seccomp.h
new file mode 100644
index 0000000..86bce72
--- /dev/null
+++ b/tools/virtiofsd/seccomp.h

@@ -0,0 +1,14 @@
+/*
+ * Seccomp sandboxing for virtiofsd
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef VIRTIOFSD_SECCOMP_H
+#define VIRTIOFSD_SECCOMP_H
+
+void setup_seccomp(void);
+
+#endif /* VIRTIOFSD_SECCOMP_H */
commit	4f8bde99c175ffd86b5125098a4707d43f5e80c6	[log] [tgz]
author	Stefan Hajnoczi <stefanha@redhat.com>	Wed Mar 13 09:32:51 2019 +0000
committer	Dr. David Alan Gilbert <dgilbert@redhat.com>	Thu Jan 23 16:41:37 2020 +0000
tree	dff3e147bad537c6308fccd1e3f5d89a2e1327c8
parent	8e1d4ef231d8327be219f7aea7aa15d181375bbc [diff] [blame]