alois31/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

libstore/build: block io_uring

Browse source 
Unfortunately, io_uring is totally opaque to seccomp, and while currently there
are no dangerous operations implemented, there is no guarantee that it remains
this way. This means that io_uring should be blocked entirely to ensure that
the sandbox is future-proof. This has not been observed to cause issues in
practice.

Change-Id: I45d3895f95abe1bc103a63969f444c334dbbf50d
This commit is contained in:
alois31 2024-07-01 09:18:01 +02:00
parent 4d3c69af70
commit dbbb7a83b6
Signed by: alois31
GPG key ID: E0F59EA5E5216914
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/libstore/build/local-derivation-goal.cc
View file

@ -1588,9 +1588,9 @@ void setupSeccomp()
allowSyscall(ctx, SCMP_SYS(ioprio_set)); allowSyscall(ctx, SCMP_SYS(ioprio_set));
allowSyscall(ctx, SCMP_SYS(io_setup)); allowSyscall(ctx, SCMP_SYS(io_setup));
allowSyscall(ctx, SCMP_SYS(io_submit)); allowSyscall(ctx, SCMP_SYS(io_submit));
allowSyscall(ctx, SCMP_SYS(io_uring_enter)); // skip io_uring_enter (may become dangerous)
allowSyscall(ctx, SCMP_SYS(io_uring_register)); // skip io_uring_register (may become dangerous)
allowSyscall(ctx, SCMP_SYS(io_uring_setup)); // skip io_uring_setup (may become dangerous)
allowSyscall(ctx, SCMP_SYS(ipc)); allowSyscall(ctx, SCMP_SYS(ipc));
allowSyscall(ctx, SCMP_SYS(kcmp)); allowSyscall(ctx, SCMP_SYS(kcmp));
allowSyscall(ctx, SCMP_SYS(kexec_file_load)); allowSyscall(ctx, SCMP_SYS(kexec_file_load));