configure option to disable SECCOMP
Change-Id: I8120674b60d388a3f85190631469a112c4af9266 Reviewed-on: https://gerrit.libreoffice.org/39408 Reviewed-by: Michael Meeks <michael.meeks@collabora.com> Tested-by: Michael Meeks <michael.meeks@collabora.com>
parent
9a75040bf0
commit
ad8bffa04a
5 changed files with 34 additions and 9 deletions
|
@ -12,12 +12,13 @@
|
|||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <dlfcn.h>
|
||||
#include <ftw.h>
|
||||
#include <linux/audit.h>
|
||||
#include <linux/filter.h>
|
||||
#if DISABLE_SECCOMP == 0
|
||||
#include <linux/seccomp.h>
|
||||
#endif
|
||||
#include <malloc.h>
|
||||
#include <signal.h>
|
||||
#include <sys/capability.h>
|
||||
|
@ -42,6 +43,7 @@
|
|||
# error "Platform does not support seccomp filtering yet - unsafe."
|
||||
#endif
|
||||
|
||||
#if DISABLE_SECCOMP == 0
|
||||
extern "C" {
|
||||
|
||||
static void handleSysSignal(int /* signal */,
|
||||
|
@ -73,6 +75,7 @@ static void handleSysSignal(int /* signal */,
|
|||
}
|
||||
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
namespace Seccomp {
|
||||
|
||||
|
@ -80,6 +83,7 @@ bool lockdown(Type type)
|
|||
{
|
||||
(void)type; // so far just the kit.
|
||||
|
||||
#if DISABLE_SECCOMP == 0
|
||||
#define ACCEPT_SYSCALL(name) \
|
||||
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
|
||||
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
|
||||
|
@ -214,8 +218,16 @@ bool lockdown(Type type)
|
|||
LOG_TRC("Install seccomp filter successfully.");
|
||||
|
||||
return true;
|
||||
#else // DISABLE_SECCOMP == 0
|
||||
LOG_WRN("Warning this code was compiled without seccomp enabled, this setup is not recommended for production.");
|
||||
return true;
|
||||
#endif // DISABLE_SECCOMP == 0
|
||||
}
|
||||
|
||||
} // namespace Seccomp
|
||||
|
||||
namespace Rlimit {
|
||||
|
||||
bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
|
||||
{
|
||||
if (tokens.size() == 3 && tokens[0] == "setconfig")
|
||||
|
@ -276,6 +288,6 @@ bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
|
|||
return false;
|
||||
}
|
||||
|
||||
} // namespace Seccomp
|
||||
} // namespace Rlimit
|
||||
|
||||
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||
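Review bot: In the `#else // DISABLE_SECCOMP == 0` branch, `lockdown()` only logs a warning and then returns `true`, so a caller that reads `true` as "the syscall filter is installed" cannot tell a sandboxed kit from an unsandboxed one. If success is returned on purpose so that kit startup still proceeds, that contract should be written down with a comment above the `return true;`, such as `// No filter installed: report success so the kit still starts; callers must not treat this as sandboxed.`, and a matching sentence on the declaration's doc comment in the header. Logging the message with `LOG_ERR` instead of `LOG_WRN` would also make the missing sandbox harder to overlook in production logs. The middle of `lockdown()` lies outside the hunks shown, so this rests on the visible ends of the function only.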
|
|
|
@ -14,7 +14,9 @@ namespace Seccomp {
|
|||
|
||||
/// Lock-down a process hard - @returns true on success.
|
||||
bool lockdown(Type type);
|
||||
};
|
||||
|
||||
namespace Rlimit {
|
||||
/// Handles setconfig command with limit_... subcommands.
|
||||
/// Returns true iff it handled the command, regardless of success/failure.
|
||||
bool handleSetrlimitCommand(const std::vector<std::string>& tokens);
|
||||
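Review bot: The `Seccomp` namespace is closed with `};` right before `namespace Rlimit {`, but a namespace body takes no trailing semicolon. The stray one is an empty declaration that stricter warning sets flag (`-Wextra-semi`). Writing it as `} // namespace Seccomp` would match the closing comments used in the implementation file of this commit. The closing brace of `Rlimit` is outside the visible lines, so it is worth checking that it follows the same form.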
|
|
17
configure.ac
17
configure.ac
|
@ -52,6 +52,10 @@ AC_ARG_ENABLE([debug],
|
|||
AS_HELP_STRING([--enable-debug],
|
||||
[Enable debugging, link with debugging version of Poco libraries]))
|
||||
|
||||
AC_ARG_ENABLE([seccomp],
|
||||
AS_HELP_STRING([--disable-seccomp],
|
||||
[Disable use of linux/seccomp.h header when kernel on target system does not support it.
|
||||
Beware of the security consequences!]))
|
||||
AC_ARG_WITH([lokit-path],
|
||||
AS_HELP_STRING([--with-lokit-path=<path>],
|
||||
[Path to the "include" directory with the LibreOfficeKit headers]))
|
||||
|
@ -267,9 +271,16 @@ AC_CHECK_HEADERS([LibreOfficeKit/LibreOfficeKit.h],
|
|||
AC_CHECK_HEADERS([Poco/Net/WebSocket.h],
|
||||
[],
|
||||
[AC_MSG_ERROR([header Poco/Net/WebSocket.h not found, perhaps you want to use --with-poco-includes])])
|
||||
AC_CHECK_HEADERS([linux/seccomp.h],
|
||||
[],
|
||||
[AC_MSG_ERROR([critical security header linux/seccomp.h not found.])])
|
||||
DISABLE_SECCOMP=
|
||||
if test "$enable_seccomp" != "no"; then
|
||||
AC_CHECK_HEADERS([linux/seccomp.h],
|
||||
[],
|
||||
[AC_MSG_ERROR([critical security header linux/seccomp.h not found. If kernel on target system does not support SECCOMP, you can use --disable-seccomp, but mind the security consequences.])])
|
||||
AC_DEFINE([DISABLE_SECCOMP],0,[Whether to disable SECCOMP])
|
||||
else
|
||||
AC_DEFINE([DISABLE_SECCOMP],1,[Whether to disable SECCOMP])
|
||||
fi
|
||||
|
||||
|
||||
AC_MSG_CHECKING([POCO version])
|
||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
|
||||
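Review bot: The `else` branch that defines `DISABLE_SECCOMP` to 1 prints nothing at configure time, so a build log gives no sign that the resulting binaries will run without a syscall filter. Adding `AC_MSG_WARN([seccomp disabled: processes will run without a syscall filter, not recommended for production])` in that branch would leave a record for anyone auditing how a package was built. The shell variable assignment `DISABLE_SECCOMP=` just before the `if` is not read anywhere in the visible lines. It looks unused and could be dropped, unless a part of configure.ac not shown here reads it.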
|
|
|
@ -113,8 +113,8 @@ public:
|
|||
}
|
||||
else if (tokens.size() == 3 && tokens[0] == "setconfig")
|
||||
{
|
||||
// Currently onlly rlimit entries are supported.
|
||||
if (!Seccomp::handleSetrlimitCommand(tokens))
|
||||
// Currently only rlimit entries are supported.
|
||||
if (!Rlimit::handleSetrlimitCommand(tokens))
|
||||
{
|
||||
LOG_ERR("Unknown setconfig command: " << message);
|
||||
}
|
||||
|
@ -442,7 +442,7 @@ int main(int argc, char** argv)
|
|||
{
|
||||
const auto pair = LOOLProtocol::split(cmdLimit, ':');
|
||||
std::vector<std::string> tokensLimit = { "setconfig", pair.first, pair.second };
|
||||
if (!Seccomp::handleSetrlimitCommand(tokensLimit))
|
||||
if (!Rlimit::handleSetrlimitCommand(tokensLimit))
|
||||
{
|
||||
LOG_ERR("Unknown rlimits command: " << cmdLimit);
|
||||
}
|
||||
|
|
|
@ -1927,7 +1927,7 @@ void lokit_main(const std::string& childRoot,
|
|||
else if (tokens.size() == 3 && tokens[0] == "setconfig")
|
||||
{
|
||||
// Currently onlly rlimit entries are supported.
|
||||
if (!Seccomp::handleSetrlimitCommand(tokens))
|
||||
if (!Rlimit::handleSetrlimitCommand(tokens))
|
||||
{
|
||||
LOG_ERR("Unknown setconfig command: " << message);
|
||||
}
|
||||
|
|