forked from canonical/snapd
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
allow 'system-usernames' with libseccomp > 2.4 and golang-seccomp > 0.9.0

libseccomp < 2.4 generates unpredictable BPFs where at runtime the policy enforcement for argument filtered rules is sometimes wrong. The BPF generation is known to be sensitive to rule order and while the PFC is correct, a disassembly of the BPF indicates problematic logic that is also sensitive to the runtime environment. Incorrect enforcement was observed with secondary architectures and differing kernel versions across different distros.

libseccomp 2.4 includes a rewrite of the BPF to, in part, better handle argument filtering and it now generates predictable BPFs (as seen from the PFCs and BPF disassemblies) without the problematic logic that is sensitive to runtime environments. (As an aside, it also orders the syscalls based on priorities, which should yield performance gains for snaps with heavy syscall use).

As such, require that the 'system-usernames' features be dependent on snap-seccomp being compiled against libseccomp >= 2.4.

Likewise, due to seccomp/libseccomp-golang#22, golang-seccomp <= 0.9.0 cannot create correct BPFs for this feature. The package does not contain any version information, but we know that ActLog was implemented in the library after this issue was fixed, so base the decision on that. ActLog is first available in 0.9.1.

References: canonical#6681
Jamie Strandboge committed Jul 22, 2019
1 parent a7d9bf5, commit a6a5bc1
Showing 4 changed files with 107 additions and 7 deletions.
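The gate the commit message describes, as an added example (not code from this commit or from snapd). The function names are hypothetical, the libseccomp version is passed in as a string and ActLog availability as a boolean, and the comparison is numeric so that a version such as 2.10.0 is not rejected by a string compare.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseVersion (hypothetical helper) turns "2.4" or "2.4.1" into numeric
// major, minor, micro components; a missing micro is treated as 0.
func parseVersion(s string) ([3]int, error) {
	var v [3]int
	parts := strings.Split(strings.TrimSpace(s), ".")
	if len(parts) < 2 || len(parts) > 3 {
		return v, fmt.Errorf("cannot parse libseccomp version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("cannot parse libseccomp version %q", s)
		}
		v[i] = n
	}
	return v, nil
}

// systemUsernamesSupported (hypothetical name) returns nil only when both
// conditions from the commit message hold: libseccomp >= 2.4, and a Go
// binding new enough to have ActLog (the stand-in for "> 0.9.0", since the
// binding exposes no version). Unparseable input fails closed.
func systemUsernamesSupported(libseccompVersion string, bindingHasActLog bool) error {
	v, err := parseVersion(libseccompVersion)
	if err != nil {
		return err
	}
	if v[0] < 2 || (v[0] == 2 && v[1] < 4) {
		return fmt.Errorf("libseccomp %s is older than 2.4", libseccompVersion)
	}
	if !bindingHasActLog {
		return fmt.Errorf("golang-seccomp has no ActLog (older than 0.9.1)")
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, ver := range []string{"2.3.3", "2.4.1", "2.10.0"} {
		fmt.Printf("%s: %v\n", ver, systemUsernamesSupported(ver, true))
	}
}
```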