Add some uses of personality syscall to default seccomp filter #20672

Merged
merged 1 commit into from Feb 26, 2016

justincormack
Contributor

We generally want to filter the personality(2) syscall, as it
allows disabling ASLR, and turning on some poorly supported
emulations that have been the target of CVEs. However the use
cases for reading the current value, setting the default
PER_LINUX personality, and setting PER_LINUX32 for 32 bit
emulation are fine.

See issue #20634

Signed-off-by: Justin Cormack justin.cormack@docker.com
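
Added example (not code from this PR or from Docker): a Go sketch of the allow-list the description implies, contrasted with a looser rule that checks only the execution-domain byte and therefore lets the ASLR-disabling flag through. The `argRule` type, the two rule sets and the sample arguments are assumptions made for illustration; the constants are from `<linux/personality.h>`.

```go
package main

import "fmt"

// Values from <linux/personality.h>.
const (
	perLinux        uint64 = 0x0000
	perLinux32      uint64 = 0x0008
	perMask         uint64 = 0x00ff     // low byte selects the execution domain
	addrNoRandomize uint64 = 0x0040000  // flag bit that disables ASLR
	queryOnly       uint64 = 0xffffffff // reads the current persona, sets nothing
	allBits                = ^uint64(0) // mask for an exact-equality rule
)

// argRule is a hypothetical allow rule on syscall argument 0:
// the call is admitted when arg&mask == value.
type argRule struct{ value, mask uint64 }

// allowed reports whether any rule admits personality(arg);
// no match means the filter's default action applies.
func allowed(rules []argRule, arg uint64) bool {
	for _, r := range rules {
		if arg&r.mask == r.value {
			return true
		}
	}
	return false
}

// strict compares the whole argument against the three values the
// description lists as fine.
var strict = []argRule{{perLinux, allBits}, {perLinux32, allBits}, {queryOnly, allBits}}

// loose is a weaker variant, for contrast, that checks only the domain byte.
var loose = []argRule{{perLinux, perMask}, {perLinux32, perMask}}

func main() {
	// Constructed sample arguments, not taken from the PR.
	samples := []uint64{perLinux, perLinux32, queryOnly,
		addrNoRandomize, perLinux32 | addrNoRandomize}
	for _, a := range samples {
		fmt.Printf("personality(%#x): strict=%v loose=%v\n",
			a, allowed(strict, a), allowed(loose, a))
	}
}
```

Under the strict rules a persona with any flag bit set falls through to the default action, which is why whole-argument equality rather than a masked comparison is the safe shape for this allow-list.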

@jessfraz
Contributor

LGTM

@justincormack
Contributor Author

Reformatted.

@thaJeztah
Member

I think you'll also need to re-generate the JSON version; https://github.com/docker/docker/blob/master/profiles/seccomp/default.json @jfrazelle added some code for that, see #20106

@thaJeztah
Member

Oh! Janky picked that up because Jess has added that check \o/

21:17:02 ---> Making bundle: validate-default-seccomp (in bundles/1.11.0-dev/validate-default-seccomp)
21:17:04 The result of go generate ./profiles/seccomp/ differs
21:17:04 
21:17:04  M profiles/seccomp/default.json
21:17:04 
21:17:04 Please re-run go generate ./profiles/seccomp/

@justincormack
Contributor Author

Yes, good catch. Something odd though, go generate is generating incorrect constants in the json for me, for no visible reason. Hmm.

@justincormack
Contributor Author

Curious if that makes janky happy. It is however completely useless as something has changed and (a) my computer generates non-matching json and (b) the default json profile is incorrect and doesn't work. Will make another issue for that.

@justincormack
Contributor Author

No, janky doesn't like that either. Can someone else run go generate ./profiles/seccomp/ and let me know what git diff says?

@justincormack
Contributor Author

Filed #20678 as the default.json file does not work anyway at present... removing the commit to add it for now.

@thaJeztah
Member

Got this as diff (ran inside a build container 😄)

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index ddfc0f4..661abbe 100755
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -841,7 +841,7 @@
                    "index": 0,
                    "value": 0,
                    "value_two": 0,
-                   "op": 0
+                   "op": 1
                }
            ]
        },
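
Review bot: a bare integer in `op` gives no way to tell which comparison is applied to argument 0 against value 0, and here it flips from 0 to 1 with nothing else in the entry changing. Emitting the operator as a symbolic name in the generated JSON would make a regenerated profile reviewable and would make a wrong constant obvious in the diff.
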
@@ -853,7 +853,7 @@
                    "index": 0,
                    "value": 8,
                    "value_two": 0,
-                   "op": 0
+                   "op": 1
                }
            ]
        },
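
Review bot: `"value": 8` is presumably the PER_LINUX32 case from the description, but nothing in the entry says so, and its meaning rests entirely on an `op` integer that differs between the committed file and the regenerated one. A test that loads default.json and checks that this rule compares argument 0 for equality with 8 would pin the intended semantics independently of the generator.
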
@@ -865,7 +865,7 @@
                    "index": 0,
                    "value": 4294967295,
                    "value_two": 0,
-                   "op": 0
+                   "op": 1
                }
            ]
        },
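
Review bot: `"value": 4294967295` is 0xffffffff written in decimal, which is easy to misread in a generated file, and it sits beside an `op` that changes from 0 to 1. Worth a comment in the generator source naming this as the read-current-value case, plus a check that the value is serialized as an unsigned number and the rule is an exact match on the whole argument.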

@justincormack
Contributor Author

@thaJeztah different meaningless values, need to fix #20678 and rebase...

@justincormack justincormack force-pushed the personality branch 2 times, most recently from 336c312 to 8ffc56a Compare February 26, 2016 15:51
@justincormack
Contributor Author

Ok added the (now working) updated json file in.

@calavera
Contributor

LGTM

calavera added a commit that referenced this pull request Feb 26, 2016
Add some uses of personality syscall to default seccomp filter
@calavera calavera merged commit f666d91 into moby:master Feb 26, 2016
@justincormack justincormack deleted the personality branch February 27, 2016 13:39
@thaJeztah
Member

@jfrazelle @justincormack should I add this to the 1.10.3 milestone for consideration? (If there will be a patch release)

@justincormack
Contributor Author

Yes, may as well be added if there is a release.

@thaJeztah thaJeztah added this to the 1.10.3 milestone Feb 28, 2016
@tiborvass tiborvass mentioned this pull request Mar 7, 2016