git.ipfire.org Git - thirdparty/lldpd.git/commit

author	Vincent Bernat <bernat@luffy.cx>
	Sat, 12 Oct 2013 14:00:40 +0000 (16:00 +0200)
committer	Vincent Bernat <bernat@luffy.cx>
	Sat, 12 Oct 2013 14:53:23 +0000 (16:53 +0200)
commit	00e40dba232cf4f9c1943cea01147fb688e94e5e
tree	d6eb6758baf0051cc6cf1c47cb0b89e3592f3ee0	tree \| snapshot
parent	bde52887c7f4ad81908726285136c8cf30a3cffd	commit \| diff

seccomp: add support for seccomp through libseccomp

The support is only for the monitor process (running as root). It is
enabled when the monitor has been initiliazed, before the event loop.

The monitor has to open a lot of files and read them (files in /proc,
/sys). Moreover, for some files, it has to write to them (for example,
stdout, /dev/log and for writing interface aliases). Therefore, there
are many registered syscalls. It should be possible to filter more but
this would require some efforts.

Becuase it is difficult to reliably report errors to the user and we
may have to execute arbitrary code because we need to resolve
hostnames (and therefore, connect to nscd, LDAP or anything else
handled by NSS), this does not seem to be reliable enough, yet.

Moreover, displaying failed syscall is a bit hackhish.

Maybe we could enable it by default if we change the default behaviour
from killing the offending process to just return a failed errno. Or
just logging the problem.

NEWS		diff \| blob \| blame \| history
configure.ac		diff \| blob \| blame \| history
m4/seccomp.m4	[new file with mode: 0644]	blob
src/daemon/Makefile.am		diff \| blob \| blame \| history
src/daemon/lldpd.h		diff \| blob \| blame \| history
src/daemon/priv-seccomp.c	[new file with mode: 0644]	blob
src/daemon/priv.c		diff \| blob \| blame \| history