libseccomp seems to be not working as expected

```c
#include <seccomp.h>

/* struct config and LOAD_SECCOMP_FAILED are defined elsewhere in the project */
int python_seccomp_rules(struct config *_config)
{
    // Syscalls blacklist array
    int syscalls_blacklist[] = {
        SCMP_SYS(fork), SCMP_SYS(vfork), SCMP_SYS(kill)
    };

    // Initializing seccomp context (default action: allow everything)
    scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (!ctx)
    {
        return LOAD_SECCOMP_FAILED;
    }

    // Blacklist specified syscalls: kill the task when one of them is invoked
    int syscalls_blacklist_length = sizeof(syscalls_blacklist) / sizeof(int);
    for (int i = 0; i < syscalls_blacklist_length; i++)
    {
        if (seccomp_rule_add(ctx, SCMP_ACT_KILL, syscalls_blacklist[i], 0) != 0)
        {
            seccomp_release(ctx);
            return LOAD_SECCOMP_FAILED;
        }
    }

    // load seccomp into the kernel (the load call was cut off in the pasted
    // snippet; returning 0 on success is assumed)
    if (seccomp_load(ctx) != 0)
    {
        seccomp_release(ctx);
        return LOAD_SECCOMP_FAILED;
    }
    seccomp_release(ctx);
    return 0;
}
```

When I traced it using the `strace` command, I got the following output:

```
6885  15:57:14 seccomp(SECCOMP_SET_MODE_STRICT, 0x1, NULL) = -1 EINVAL (Invalid argument)
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, NULL) = -1 EFAULT (Bad address)
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, NULL) = -1 EFAULT (Bad address)
6885  15:57:14 seccomp(SECCOMP_GET_ACTION_AVAIL, 0, [SECCOMP_RET_LOG]) = 0
6885  15:57:14 seccomp(SECCOMP_GET_ACTION_AVAIL, 0, [SECCOMP_RET_KILL_PROCESS]) = 0
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_SPEC_ALLOW, NULL) = -1 EFAULT (Bad address)
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, NULL) = -1 EFAULT (Bad address)
6885  15:57:14 seccomp(SECCOMP_GET_NOTIF_SIZES, 0, {seccomp_notif=80, seccomp_notif_resp=24, seccomp_data=64}) = 0
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC_ESRCH, NULL) = -1 EFAULT (Bad address)
6885  15:57:14 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
6885  15:57:14 seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=30, filter=0x55a7aaa8b490}) = 0
```
guiverc:

Details in the title may **not** be readable on all devices when reading your question; there is no actual question currently, nor any OS/release detail mentioned, and thus nothing currently on-topic for this site. Please refer to https://askubuntu.com/help/on-topic and amend your question to make it clear and on-topic (*assuming it is on-topic; I currently see no connection, as you appear to be pasting programming details and haven't yet asked your question, just made a statement about what you see with `strace` for an unstated OS*).