On Mon, Jan 18, 2016 at 11:02:44AM +0100, Nikos Mavrogiannopoulos wrote:
> As Florian suggested it makes more sense to compartmentalize chrony so
> that only a small controlled part of it needs to run with seccomp. My
> recommendation, if you want to use libraries in the filtered code, make
> their authors aware of that, so that they document any changes in the
> used system calls, and if possible ask them to document the existing
> system calls used (e.g., similarly to:
> http://www.gnutls.org/manual/html_node/Running-in-a-sandbox.html ;)

chronyd doesn't use libc for much more than that. There is memory
allocation, reading/writing system clock, reading/writing/moving files,
creating/connecting/binding sockets, receiving/sending packets, and
select(). Name resolving is now out of the filter.

The only other library that's currently used after the seccomp filter is
loaded is freebl3 from NSS. I guess some of that could be moved to the
helper process.

If only the most dangerous code (whatever that is) should run with
seccomp, I'm not sure if there is a layer where a clean small cut could
be made. I suspect the interface between the two processes would be huge
and it would bloat the code significantly.

-- 
Miroslav Lichvar
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx