update TODO

[thirdparty/systemd.git] / src / shared / seccomp-util.h
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h

index 5915ceb9a395a7fa5cf578b8ad5f20c414328914..ef970434c6b0ab9fc100f585bf6255a77eb33f52 100644 (file)
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -1,25 +1,6 @@
  /* SPDX-License-Identifier: LGPL-2.1+ */
  #pragma once
  
-/***
-  This file is part of systemd.
-
-  Copyright 2014 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-***/
-
  #include <seccomp.h>
  #include <stdbool.h>
  #include <stdint.h>
@@ -57,6 +38,7 @@ enum {
          SYSCALL_FILTER_SET_MOUNT,
          SYSCALL_FILTER_SET_NETWORK_IO,
          SYSCALL_FILTER_SET_OBSOLETE,
+        SYSCALL_FILTER_SET_PKEY,
          SYSCALL_FILTER_SET_PRIVILEGED,
          SYSCALL_FILTER_SET_PROCESS,
          SYSCALL_FILTER_SET_RAW_IO,
@@ -66,6 +48,7 @@ enum {
          SYSCALL_FILTER_SET_SIGNAL,
          SYSCALL_FILTER_SET_SWAP,
          SYSCALL_FILTER_SET_SYNC,
+        SYSCALL_FILTER_SET_SYSTEM_SERVICE,
          SYSCALL_FILTER_SET_TIMER,
          _SYSCALL_FILTER_SET_MAX
  };
@@ -76,33 +59,36 @@ const SyscallFilterSet *syscall_filter_set_find(const char *name);
  
  int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set);
  
-int seccomp_add_syscall_filter_item(scmp_filter_ctx *ctx, const char *name, uint32_t action, char **exclude);
+int seccomp_add_syscall_filter_item(scmp_filter_ctx *ctx, const char *name, uint32_t action, char **exclude, bool log_missing);
  
-int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilterSet *set, uint32_t action);
-int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, uint32_t action);
+int seccomp_load_syscall_filter_set(uint32_t default_action, const SyscallFilterSet *set, uint32_t action, bool log_missing);
+int seccomp_load_syscall_filter_set_raw(uint32_t default_action, Hashmap* set, uint32_t action, bool log_missing);
  
  typedef enum SeccompParseFlags {
-        SECCOMP_PARSE_INVERT     = 1U << 0,
-        SECCOMP_PARSE_WHITELIST  = 1U << 1,
-        SECCOMP_PARSE_LOG        = 1U << 2,
-        SECCOMP_PARSE_PERMISSIVE = 1U << 3,
+        SECCOMP_PARSE_INVERT     = 1 << 0,
+        SECCOMP_PARSE_ALLOW_LIST = 1 << 1,
+        SECCOMP_PARSE_LOG        = 1 << 2,
+        SECCOMP_PARSE_PERMISSIVE = 1 << 3,
  } SeccompParseFlags;
  
-int seccomp_parse_syscall_filter_full(
-                const char *name, int errno_num, Hashmap *filter, SeccompParseFlags flags,
-                const char *unit, const char *filename, unsigned line);
-
-static inline int seccomp_parse_syscall_filter(const char *name, int errno_num, Hashmap *filter, SeccompParseFlags flags) {
-        return seccomp_parse_syscall_filter_full(name, errno_num, filter, flags, NULL, NULL, 0);
-}
+int seccomp_parse_syscall_filter(
+                const char *name,
+                int errno_num,
+                Hashmap *filter,
+                SeccompParseFlags flags,
+                const char *unit,
+                const char *filename, unsigned line);
  
  int seccomp_restrict_archs(Set *archs);
  int seccomp_restrict_namespaces(unsigned long retain);
  int seccomp_protect_sysctl(void);
-int seccomp_restrict_address_families(Set *address_families, bool whitelist);
+int seccomp_protect_syslog(void);
+int seccomp_restrict_address_families(Set *address_families, bool allow_list);
  int seccomp_restrict_realtime(void);
  int seccomp_memory_deny_write_execute(void);
  int seccomp_lock_personality(unsigned long personality);
+int seccomp_protect_hostname(void);
+int seccomp_restrict_suid_sgid(void);
  
  extern const uint32_t seccomp_local_archs[];
  
@@ -111,6 +97,14 @@ extern const uint32_t seccomp_local_archs[];
               seccomp_local_archs[_i] != (uint32_t) -1;                  \
               (arch) = seccomp_local_archs[++_i])
  
+/* EACCES: does not have the CAP_SYS_ADMIN or no_new_privs == 1
+ * ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
+ * EFAULT: addresses passed as args (by libseccomp) are invalid */
+#define ERRNO_IS_SECCOMP_FATAL(r)                                       \
+        IN_SET(abs(r), EPERM, EACCES, ENOMEM, EFAULT)
+
  DEFINE_TRIVIAL_CLEANUP_FUNC(scmp_filter_ctx, seccomp_release);
  
-int parse_syscall_archs(char **l, Set **archs);
+int parse_syscall_archs(char **l, Set **ret_archs);
+
+uint32_t scmp_act_kill_process(void);