Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are allowed to be logged

From: Kees Cook
Date: Fri Aug 11 2017 - 15:17:14 EST


On Thu, Aug 10, 2017 at 9:33 PM, Tyler Hicks <tyhicks@xxxxxxxxxxxxx> wrote:
> +static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int write,
> + void __user *buffer, size_t *lenp,
> + loff_t *ppos)
> +{
> + char names[sizeof(seccomp_actions_avail)];
> + struct ctl_table table;
> + int ret;
> +
> + if (write && !capable(CAP_SYS_ADMIN))
> + return -EPERM;
> +
> + memset(names, 0, sizeof(names));
> +
> + if (!write) {
> + if (!seccomp_names_from_actions_logged(names, sizeof(names),
> + seccomp_actions_logged))
> + return -EINVAL;
> + }
> +
> + table = *ro_table;
> + table.data = names;
> + table.maxlen = sizeof(names);
> + ret = proc_dostring(&table, write, buffer, lenp, ppos);
> + if (ret)
> + return ret;
> +
> + if (write) {
> + u32 actions_logged;
> +
> + if (!seccomp_actions_logged_from_names(&actions_logged,
> + table.data))
> + return -EINVAL;
> +
> + if (actions_logged & SECCOMP_LOG_ALLOW)
> + return -EINVAL;
> +
> + seccomp_actions_logged = actions_logged;
> + }
> +
> + return 0;
> +}
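Review bot: the write path stores the parsed mask directly (`seccomp_actions_logged = actions_logged;`) with no lock and no check that the resulting value is one the read path can faithfully report; if `seccomp_actions_logged_from_names()` accepts an empty string and returns a mask of 0, a write of "" silently disables logging of every action, and two concurrent writers each overwrite the whole mask with their own parse. Worth stating in a comment whether an all-zero mask is intended to be valid, and whether the plain word store is considered sufficient (it probably is, as readers only see old or new), and the two `-EINVAL` cases (unparseable name, and `SECCOMP_LOG_ALLOW` being set) should be spelled out in the sysctl documentation so users know why the write is refused.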

One thought here: should "kill" be always forced on during a write?
This flag effectively cannot be disabled, so listing it (or not) in
the sysctl may be confusing...

-Kees

--
Kees Cook
Pixel Security