configure option to disable SECCOMP

Change-Id: I8120674b60d388a3f85190631469a112c4af9266
Reviewed-on: https://gerrit.libreoffice.org/39408
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Andras Timar 2017-06-30 12:10:38 +02:00 committed by Michael Meeks
parent 9a75040bf0
commit ad8bffa04a
5 changed files with 34 additions and 9 deletions


@ -12,12 +12,13 @@
*/
#include "config.h"
#include <dlfcn.h>
#include <ftw.h>
#include <linux/audit.h>
#include <linux/filter.h>
#if DISABLE_SECCOMP == 0
#include <linux/seccomp.h>
#endif
#include <malloc.h>
#include <signal.h>
#include <sys/capability.h>
@ -42,6 +43,7 @@
# error "Platform does not support seccomp filtering yet - unsafe."
#endif
#if DISABLE_SECCOMP == 0
extern "C" {
static void handleSysSignal(int /* signal */,
@ -73,6 +75,7 @@ static void handleSysSignal(int /* signal */,
}
} // extern "C"
#endif
namespace Seccomp {
@ -80,6 +83,7 @@ bool lockdown(Type type)
{
(void)type; // so far just the kit.
#if DISABLE_SECCOMP == 0
#define ACCEPT_SYSCALL(name) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
@ -214,8 +218,16 @@ bool lockdown(Type type)
LOG_TRC("Install seccomp filter successfully.");
return true;
#else // DISABLE_SECCOMP == 0
LOG_WRN("Warning this code was compiled without seccomp enabled, this setup is not recommended for production.");
return true;
#endif // DISABLE_SECCOMP == 0
}
} // namespace Seccomp
namespace Rlimit {
bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
{
if (tokens.size() == 3 && tokens[0] == "setconfig")
@ -276,6 +288,6 @@ bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
return false;
}
} // namespace Seccomp
} // namespace Rlimit
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
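Review bot: In the `#else` branch at the end of lockdown() the function logs a warning and then returns `true`, so a caller that gates on the result cannot tell a process that is actually confined from one where the filter was compiled out, while the header still describes the return as "true on success". If callers are expected to proceed anyway, say so next to the return, e.g. `// No filter installed; return true so the disabled build behaves like the enabled one for callers.`, and consider logging the warning once rather than on every call. The `# error "Platform does not support seccomp filtering yet - unsafe."` line is still reached in a DISABLE_SECCOMP build; its enclosing `#if` starts outside the hunk, so I cannot tell whether it is gated on the new macro, but if the option is meant for platforms without seccomp it may still abort the build. The `#if DISABLE_SECCOMP == 0` guards depend on `config.h` being included first; that holds here, and an undefined macro would evaluate to 0 and fall back to the enabled path, which is the safe default.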


@ -14,7 +14,9 @@ namespace Seccomp {
/// Lock-down a process hard - @returns true on success.
bool lockdown(Type type);
};
namespace Rlimit {
/// Handles setconfig command with limit_... subcommands.
/// Returns true iff it handled the command, regardless of success/failure.
bool handleSetrlimitCommand(const std::vector<std::string>& tokens);
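Review bot: The doc comment above `bool lockdown(Type type);` now describes only the enabled build; with DISABLE_SECCOMP set the function installs nothing and still returns true, which is exactly the case a caller reading this header needs to know about. Extend it to `/// Lock-down a process hard - @returns true on success. In a build configured with --disable-seccomp no filter is installed; a warning is logged and true is returned.` The closing `};` that appears to be added for namespace Seccomp carries a stray semicolon; `} // namespace Seccomp` matches the style used in the .cpp file.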


@ -52,6 +52,10 @@ AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug],
[Enable debugging, link with debugging version of Poco libraries]))
AC_ARG_ENABLE([seccomp],
AS_HELP_STRING([--disable-seccomp],
[Disable use of linux/seccomp.h header when kernel on target system does not support it.
Beware of the security consequences!]))
AC_ARG_WITH([lokit-path],
AS_HELP_STRING([--with-lokit-path=<path>],
[Path to the "include" directory with the LibreOfficeKit headers]))
@ -267,9 +271,16 @@ AC_CHECK_HEADERS([LibreOfficeKit/LibreOfficeKit.h],
AC_CHECK_HEADERS([Poco/Net/WebSocket.h],
[],
[AC_MSG_ERROR([header Poco/Net/WebSocket.h not found, perhaps you want to use --with-poco-includes])])
AC_CHECK_HEADERS([linux/seccomp.h],
[],
[AC_MSG_ERROR([critical security header linux/seccomp.h not found.])])
DISABLE_SECCOMP=
if test "$enable_seccomp" != "no"; then
AC_CHECK_HEADERS([linux/seccomp.h],
[],
[AC_MSG_ERROR([critical security header linux/seccomp.h not found. If kernel on target system does not support SECCOMP, you can use --disable-seccomp, but mind the security consequences.])])
AC_DEFINE([DISABLE_SECCOMP],0,[Whether to disable SECCOMP])
else
AC_DEFINE([DISABLE_SECCOMP],1,[Whether to disable SECCOMP])
fi
AC_MSG_CHECKING([POCO version])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
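Review bot: The `else` branch only defines DISABLE_SECCOMP to 1, so a build configured with --disable-seccomp leaves no trace in the configure output; the security consequence is visible only at runtime via LOG_WRN. Add `AC_MSG_WARN([seccomp filtering disabled by --disable-seccomp; not recommended for production])` in that branch so build logs record the choice. The shell assignment `DISABLE_SECCOMP=` just before the `if` is not referenced anywhere in the hunk; if nothing else uses it, drop it or `AC_SUBST` it. Defaulting to enabled when `$enable_seccomp` is unset is the right fail-safe.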


@ -113,8 +113,8 @@ public:
}
else if (tokens.size() == 3 && tokens[0] == "setconfig")
{
// Currently onlly rlimit entries are supported.
if (!Seccomp::handleSetrlimitCommand(tokens))
// Currently only rlimit entries are supported.
if (!Rlimit::handleSetrlimitCommand(tokens))
{
LOG_ERR("Unknown setconfig command: " << message);
}
@ -442,7 +442,7 @@ int main(int argc, char** argv)
{
const auto pair = LOOLProtocol::split(cmdLimit, ':');
std::vector<std::string> tokensLimit = { "setconfig", pair.first, pair.second };
if (!Seccomp::handleSetrlimitCommand(tokensLimit))
if (!Rlimit::handleSetrlimitCommand(tokensLimit))
{
LOG_ERR("Unknown rlimits command: " << cmdLimit);
}


@ -1927,7 +1927,7 @@ void lokit_main(const std::string& childRoot,
else if (tokens.size() == 3 && tokens[0] == "setconfig")
{
// Currently onlly rlimit entries are supported.
if (!Seccomp::handleSetrlimitCommand(tokens))
if (!Rlimit::handleSetrlimitCommand(tokens))
{
LOG_ERR("Unknown setconfig command: " << message);
}