-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: add support for SECCOMP_RET_KILL_PROCESS #96
Comments
Update: the patch is not upstream, the relevant kernel header files are defined in the commit below.
|
See potentially related issue with OpenMP in issue #93. |
See PR #109. |
@pcmoore, I'll rebase and squash the commits for this PR. I should be able to get to them this week. Thanks! |
@drakenclimber that would be helpful thank you. Please don't feel the need to squash everything. It sounds like you are familiar with upstream kernel development; if you use that as a guideline you should be in good shape. |
This patch adds support for killing the entire process via the SCMP_ACT_KILL_PROCESS action. To maintain backward compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD. This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
D'oh. Just saw your comment. I squashed everything into one commit, but I think I'll split this RFE into two commits - one for the actual code changes and one for the tests. Thanks. |
This patch adds support for killing the entire process via the SCMP_ACT_KILL_PROCESS action. To maintain backward compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD. This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Quick update, it looks like support was added back into Linux v4.14. |
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com>
any update on this feature? |
Sorry @elmarco not yet. |
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com>
This patch adds support for killing the entire process via the SCMP_ACT_KILL_PROCESS action. To maintain backward compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD. Support for KILL_PROCESS was added into the Linux kernel in v4.14. This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
@pcmoore - I have rebased the proposed changes on top of the latest master. Looks like TravisCI was happy with them :) Let me know if there's anything else you need for this RFE. https://github.com/drakenclimber/libseccomp/tree/issues/96-squashed4 |
This patch adds support for killing the entire process via the SCMP_ACT_KILL_PROCESS action. To maintain backward compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD. Support for KILL_PROCESS was added into the Linux kernel in v4.14. This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
This addresses GitHub Issue seccomp#96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
This patch adds support for killing the entire process via the SCMP_ACT_KILL_PROCESS action. To maintain backward compatibility, SCMP_ACT_KILL defaults to SCMP_ACT_KILL_THREAD. Support for KILL_PROCESS was added into the Linux kernel in v4.14. This addresses GitHub Issue #96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: minor comment tweak in seccomp.h.in] Signed-off-by: Paul Moore <paul@paul-moore.com>
This addresses GitHub Issue #96 - RFE: add support for SECCOMP_RET_KILL_PROCESS Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Resolved with PR #130. |
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> (cherry picked from commit bda08a5) [LD: BSC#1106222 CVE-2018-15746] Signed-off-by: Larry Dewey <ldewey@suse.com>
RH-Author: Eduardo Otubo <otubo@redhat.com> Message-id: <20180928075639.16746-4-otubo@redhat.com> Patchwork-id: 82315 O-Subject: [RHEL-8 qemu-kvm PATCH 3/5] seccomp: prefer SCMP_ACT_KILL_PROCESS if available Bugzilla: 1618356 RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> RH-Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com> RH-Acked-by: Thomas Huth <thuth@redhat.com> From: Marc-André Lureau <marcandre.lureau@redhat.com> commit bda08a5 Author: Marc-André Lureau <marcandre.lureau@redhat.com> Date: Wed Aug 22 19:02:48 2018 +0200 seccomp: prefer SCMP_ACT_KILL_PROCESS if available The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> Signed-off-by: Eduardo Otubo <otubo@rehdat.com> Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> (cherry picked from commit bda08a5) *CVE-2018-15746 Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> (cherry picked from commit bda08a5) [LD: BSC#1106222 CVE-2018-15746] Signed-off-by: Larry Dewey <ldewey@suse.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> (cherry picked from commit bda08a5) [LD: BSC#1106222 CVE-2018-15746] Signed-off-by: Larry Dewey <ldewey@suse.com>
The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS action (seccomp/libseccomp#96). SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the offending process, rather than having the SIGSYS handler running. Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support, as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still prefer SCMP_ACT_TRAP. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Eduardo Otubo <otubo@redhat.com> (cherry picked from commit bda08a5) [LD: BSC#1106222 CVE-2018-15746] Signed-off-by: Larry Dewey <ldewey@suse.com>
@kees added support for killing the entire process upstream, as of this moment it has yet to land in Linus' tree, but it will get their eventually.
The text was updated successfully, but these errors were encountered: