[PATCH RFC 2/2] seccomp: implement SECCOMP_FILTER_FLAG_NO_INHERITANCE
Dmitry V. Levin
ldv at altlinux.org
Thu Nov 14 18:44:52 UTC 2019
On Thu, Nov 14, 2019 at 07:06:21PM +0100, Paul Chaignon wrote:
> Thanks for the review Dmitry!
>
> On Mon, Nov 11, 2019 at 11:44:50PM +0300, Dmitry V. Levin wrote:
> > On Mon, Nov 11, 2019 at 04:20:20PM +0100, Paul Chaignon wrote:
> > > Userspace ptracer can use seccomp's SECCOMP_RET_TRACE action to stop the
> > > tracee only at syscalls of interest. Strace v5.3, for example, supports
> > > this with the --seccomp-bpf option. However, since seccomp filters are
> > > inherited by children tasks, this behavior forces the userspace ptracer to
> > > trace children tasks as well.
> > >
> > > This patch adds a new seccomp syscall flag to SECCOMP_SET_MODE_FILTER to
> > > prevent children tasks of the process from inheriting the filter. It
> > > allows ptracers to use seccomp's SECCOMP_RET_TRACE even when not following
> > > children tasks.
> > >
> > > Signed-off-by: Paul Chaignon <paul.chaignon at gmail.com>
> > > ---
> > > include/linux/seccomp.h | 8 +++-
> > > include/uapi/linux/seccomp.h | 1 +
> > > kernel/fork.c | 5 +++
> > > kernel/seccomp.c | 14 ++++++
> > > tools/testing/selftests/seccomp/seccomp_bpf.c | 44 ++++++++++++++++++-
> > > 5 files changed, 70 insertions(+), 2 deletions(-)
> > >
>
> [...]
>
> > > diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
> > > index 90734aa5aa36..e7f715fb7b34 100644
> > > --- a/include/uapi/linux/seccomp.h
> > > +++ b/include/uapi/linux/seccomp.h
> > > @@ -22,6 +22,7 @@
> > > #define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
> > > #define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
> > > #define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
> > > +#define SECCOMP_FILTER_FLAG_NO_INHERIT (1UL << 4)
> >
> > NO_INHERIT is too generic, it doesn't clearly say that we want to skip
> > fork inheritance.
>
> I'm not sure I understand. Is there another type of inheritance for
> seccomp filters that I missed?
No, I don't think we care about any other type of inheritance, but this is
not my point. I mean it would be nice (although not necessary) if the
name itself was explicit about the kind of inheritance being skipped.
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20191114/5c140687/attachment.bin>
More information about the Strace-devel
mailing list