SECCOMP filter so that dhcpcd can use SECCOMP once more.
Or convince the libc/kernel people to adpot something more maintainable
like FreeBSD's capsicum or OpenBSD's pledge.
+To test ASAN with privsep you need to add ASAN to CPPFLAGS.
+To test Valgrind with privsep you can optionally add VALGRIND to CPPFLAGS.
+For both they need some syscalls which are potentially dangerous and thus
+are disabled by default.
+For Valgrind, it needs to unlink the pipe files which it can't do anyway
+as it's dropped permissions. Otherwise it works fine.
## Init systems
We try and detect how dhcpcd should interact with system services at runtime.
/* These are for compiling with address sanitization */
#ifdef ASAN
-#ifdef __NR_futex
- SECCOMP_ALLOW(__NR_futex),
-#endif
#ifdef __NR_openat
SECCOMP_ALLOW(__NR_openat),
#endif
#endif
/* coredumps */
+#ifdef __NR_tgkill
+ SECCOMP_ALLOW(__NR_tgkill),
+#endif
+#endif
+
+/* valgrind */
+#ifdef __NR_futex
+ SECCOMP_ALLOW(__NR_futex),
+#endif
#ifdef __NR_gettid
SECCOMP_ALLOW(__NR_gettid),
#endif
-#ifdef __NR_tgkill
- SECCOMP_ALLOW(__NR_tgkill),
+#ifdef __NR_rt_sigtimedwait
+ SECCOMP_ALLOW(__NR_rt_sigtimedwait),
+#endif
+#ifdef VALGRIND
+#ifdef __NR_unlink
+ /* This is dangerous, and also pointless as in privsep
+ * we are no longer root and thus cannot unlink the valgrind
+ * pipes anyway. */
+ SECCOMP_ALLOW(__NR_unlink),
+#endif
+#endif
+
+/* hardened-malloc */
+#ifdef __NR_mprotect
+ SECCOMP_ALLOW(__NR_mprotect),
+#endif
+#ifdef __NR_mremap
+ SECCOMP_ALLOW(__NR_mremap),
+#endif
+#ifdef __NR_pkey_alloc
+ SECCOMP_ALLOW(__NR_pkey_alloc),
#endif
+#ifdef __NR_pkey_mprotect
+ SECCOMP_ALLOW(__NR_pkey_mprotect),
#endif
/* Deny everything else */
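Review bot: The hardened-malloc entries (mprotect, mremap, pkey_alloc, pkey_mprotect) are allowed unconditionally, while the comparable debugging aids in this hunk — the VALGRIND-only unlink and the ASAN-only openat/tgkill — are gated by a build define; this means every default build now permits a compromised privsep process to change page protections, which is exactly the kind of widening the README hunk says is "disabled by default". Unless dhcpcd itself needs these for normal operation (not evident from the hunk), gate the block the same way as the VALGRIND one, e.g. `#ifdef HARDENED_MALLOC` / `#endif` around the four entries (define name is a placeholder to be chosen), or at least extend the comment to state why they must be on by default: `/* hardened-malloc: only needed when linked against it; mprotect/pkey_mprotect widen the sandbox */`. The enclosing filter array and the final deny rule that follows this comment lie outside the hunk.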