In the interest of "release early, release often":

https://github.com/amluto/libseccomp/commits/raw-syscall

There are five commits in there.  The first two are fixes I've already
sent out.  The other three make this code:

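import os
import pdb
import seccomp
seccomp.set_trap_handler(seccomp.trace_trapped_syscall)  # handler for trapped syscalls
f = seccomp.SyscallFilter(seccomp.ALLOW)  # default action: allow
f.add_rule(seccomp.TRAP, 'getgid')  # trap getgid instead of running it
f.load()  # install the filter
def bad():
    os.getgid()  # hits the TRAP rule
bad()
print('Unreachable')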

print this:

Dying due to seccomp-blocked syscall getgid(0x0, 0x0, 0x4, 0x0, 0x0, 0x3AD8F13240)
Traceback (most recent call last):
  File "test.py", line 10, in <module>
    bad()
  File "test.py", line 9, in bad
    os.getgid()

This works on x86_64, x86_32, x86_32-on-x86_64, and ARM.  It may or
may not work on x32 -- I haven't tried it.  I suspect that x32 is a
bit broken due to the fact that SCMP_ARCH_X32 != AUDIT_ARCH_X86_64, so
arch_syscall_resolve_name won't work.  I'd argue that x86_64 should
recognize names prefixed with x32_ and set the x32 bit, but this is
debatable.  In any case, the decoder itself should be fine.

It may be mergeable as is.  Before it gets released, though, I want to
add one more feature: setting the trapped syscall's return value.
That way you could have a trap handler emulate syscalls instead of
just logging and dying.

Longer term, I think that we'll want a (preferably auto-generated)
list of syscalls along with signatures so that add_rule can map args
correctly (I assume it currently assumes that the logical arg 0 lives
in the args[0] slot, etc.) and so that the SIGSYS decoder can map back
to logical arguments.  In the meantime, this is still useful.

--Andy
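
Added example (not part of the message above and not libseccomp code): a pure-Python decoder for the arch and syscall number a SIGSYS handler receives, covering the x32 case the post raises, where the kernel reports AUDIT_ARCH_X86_64 and marks the call with __X32_SYSCALL_BIT in the syscall number. The syscall tables are a small hand-picked subset, and decode_trap, resolve_name and format_trap are hypothetical names; resolve_name implements the "x32_" prefix idea the post floats, which is a suggestion and not existing libseccomp behaviour.

```python
# Added illustration, not libseccomp code. Tables are a hand-picked subset.
AUDIT_ARCH_I386 = 0x40000003
AUDIT_ARCH_ARM = 0x40000028
AUDIT_ARCH_X86_64 = 0xC000003E
X32_SYSCALL_BIT = 0x40000000  # __X32_SYSCALL_BIT; x32 reports AUDIT_ARCH_X86_64
ABI = {AUDIT_ARCH_I386: "x86", AUDIT_ARCH_ARM: "arm", AUDIT_ARCH_X86_64: "x86_64"}
SYSCALLS = {
    AUDIT_ARCH_I386: {20: "getpid", 24: "getuid", 47: "getgid"},
    AUDIT_ARCH_ARM: {20: "getpid", 24: "getuid", 47: "getgid"},
    AUDIT_ARCH_X86_64: {39: "getpid", 102: "getuid", 104: "getgid"},
}


def decode_trap(arch, nr):
    """Map SIGSYS arch + syscall number to (abi, base number, name or None)."""
    if arch not in SYSCALLS:
        raise ValueError("unknown AUDIT_ARCH 0x%X" % arch)
    abi = ABI[arch]
    if arch == AUDIT_ARCH_X86_64 and nr & X32_SYSCALL_BIT:
        abi, nr = "x32", nr & ~X32_SYSCALL_BIT  # strip the x32 marker bit
    return abi, nr, SYSCALLS[arch].get(nr)


def resolve_name(arch, name):
    """Hypothetical resolver: an "x32_" prefix sets the x32 bit on x86_64."""
    bit = 0
    if arch == AUDIT_ARCH_X86_64 and name.startswith("x32_"):
        name, bit = name[len("x32_"):], X32_SYSCALL_BIT
    for nr, known in SYSCALLS[arch].items():
        if known == name:
            return nr | bit
    raise KeyError(name)


def format_trap(arch, nr, args):
    """Render a trap in the style of the message shown in the post."""
    abi, nr, name = decode_trap(arch, nr)
    label = name or "syscall_%d" % nr  # number not in the subset table
    if abi == "x32":
        label = "x32_" + label
    hexargs = ", ".join("0x%X" % a for a in args)
    return "Dying due to seccomp-blocked syscall %s(%s)" % (label, hexargs)


if __name__ == "__main__":
    args = (0x0, 0x0, 0x4, 0x0, 0x0, 0x3AD8F13240)  # argument values from the post
    x32_nr = resolve_name(AUDIT_ARCH_X86_64, "x32_getgid")
    print(format_trap(AUDIT_ARCH_X86_64, 104, args))
    print(format_trap(AUDIT_ARCH_X86_64, x32_nr, args))
```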

_______________________________________________
libseccomp-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss