diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2019-03-13 09:32:51 +0000 |
|---|---|---|
| committer | Dr. David Alan Gilbert <dgilbert@redhat.com> | 2020-01-23 16:41:37 +0000 |
| commit | 4f8bde99c175ffd86b5125098a4707d43f5e80c6 (patch) | |
| tree | dff3e147bad537c6308fccd1e3f5d89a2e1327c8 /tools/virtiofsd/seccomp.h | |
| parent | 8e1d4ef231d8327be219f7aea7aa15d181375bbc (diff) | |
| download | qemu-4f8bde99c175ffd86b5125098a4707d43f5e80c6.zip | |
virtiofsd: add seccomp whitelist
Only allow system calls that are needed by virtiofsd. All other system
calls cause SIGSYS to be directed at the thread and the process will
coredump.
Restricting system calls reduces the kernel attack surface and limits
what the process can do when compromised.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
with additional entries by:
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: piaojun <piaojun@huawei.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'tools/virtiofsd/seccomp.h')
| -rw-r--r-- | tools/virtiofsd/seccomp.h | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tools/virtiofsd/seccomp.h b/tools/virtiofsd/seccomp.h new file mode 100644 index 0000000000..86bce72652 --- /dev/null +++ b/tools/virtiofsd/seccomp.h @@ -0,0 +1,14 @@ +/* + * Seccomp sandboxing for virtiofsd + * + * Copyright (C) 2019 Red Hat, Inc. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef VIRTIOFSD_SECCOMP_H +#define VIRTIOFSD_SECCOMP_H + +void setup_seccomp(void); + +#endif /* VIRTIOFSD_SECCOMP_H */ |