On Mon, Jun 15, 2020 at 08:25:13PM -0700, Kees Cook wrote:
Hello!
This is a bit of thread-merge between [1] and [2]. tl;dr: add a way for a seccomp user_notif process manager to inject files into the managed process in order to handle emulation of various fd-returning syscalls across security boundaries. Containers folks and Chrome are in need of the feature, and investigating this solution uncovered (and fixed) implementation issues with existing file sending routines.
I intend to carry this in the seccomp tree, unless someone has objections. :) Please review and test!
-Kees
[1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/
Kees Cook (9): net/scm: Regularize compat handling of scm_detach_fds() fs: Move __scm_install_fd() to __fd_install_received() fs: Add fd_install_received() wrapper for __fd_install_received() pidfd: Replace open-coded partial fd_install_received() fs: Expand __fd_install_received() to accept fd selftests/seccomp: Make kcmp() less required selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() seccomp: Switch addfd to Extensible Argument ioctl seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
This looks much cleaner than the original patchset. Thanks.
Reviewed-by: Sargun Dhillon sargun@sargun.me
on the pidfd, change fs* changes.
Sargun Dhillon (2): seccomp: Introduce addfd ioctl to seccomp user notifier selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
fs/file.c | 65 ++++ include/linux/file.h | 16 + include/uapi/linux/seccomp.h | 25 +- kernel/pid.c | 11 +- kernel/seccomp.c | 181 ++++++++- net/compat.c | 55 ++- net/core/scm.c | 50 +-- tools/testing/selftests/seccomp/seccomp_bpf.c | 350 +++++++++++++++--- 8 files changed, 618 insertions(+), 135 deletions(-)
-- 2.25.1