
boustrophedon / extrasafe / 6594144541

21 Oct 2023 12:47AM UTC coverage: 93.463% (+0.8%) from 92.647%
6594144541

Pull #26

github

web-flow
Merge 72645d918 into 4430e795c
Pull Request #26: Switch from libseccomp to seccompiler

170 of 170 new or added lines in 5 files covered. (100.0%)

672 of 719 relevant lines covered (93.46%)

115.0 hits per line

/src/builtins/basic.rs
//! Contains a [`RuleSet`] for allowing base syscalls that all programs will need, and are not
//! dangerous for the most part.

use std::collections::HashMap;

use syscalls::Sysno;

use crate::{SeccompRule, RuleSet};

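/// A [`RuleSet`] allowing basic required syscalls to do things like allocate memory, and also a few that are used by
/// Rust to set up panic handling and segfault handlers.
///
/// This is a unit struct with no configuration, so it is cheap to copy and can be written as a
/// plain `BasicCapabilities` value wherever a ruleset is expected.
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Hash)]
pub struct BasicCapabilities;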
impl RuleSet for BasicCapabilities {
    /// Syscalls this ruleset allows unconditionally (no argument filtering).
    ///
    /// The list is assembled group by group; the order of the returned `Vec` is the order in
    /// which the groups are appended below.
    fn simple_rules(&self) -> Vec<Sysno> {
        let mut allowed: Vec<Sysno> = Vec::new();

        // Memory mapping and allocation. Constraining these beyond "allowed" is out of scope for
        // this ruleset; write a dedicated seccomp filter if you need that.
        allowed.extend([
            Sysno::brk,
            Sysno::mmap,
            Sysno::munmap,
            Sysno::madvise,
            Sysno::mlock,
            Sysno::mlock2,
            Sysno::mlockall,
        ]);
        // TODO these could maybe be in a separate capability.
        // NOTE(review): mprotect can also change page permissions to executable, so if W^X
        // matters for your sandbox, consider gating it in a separate opt-in capability.
        allowed.extend([Sysno::mprotect, Sysno::munlock, Sysno::munlockall]);

        // Rust installs a signal handler (on an alternate stack) to distinguish stack overflows
        // from other faults, so the sigaltstack/rt_sig* family must be reachable; without it the
        // process simply dies with a segfault. See
        // https://github.com/iximeow/rust/blob/master/src/libstd/sys/unix/stack_overflow.rs#L46
        // and https://github.com/rust-lang/rust/issues/69533.
        allowed.extend([
            Sysno::sigaltstack,
            Sysno::rt_sigaction,
            Sysno::rt_sigprocmask,
            Sysno::rt_sigreturn,
        ]);

        // Futex management.
        allowed.extend([Sysno::futex, Sysno::get_robust_list, Sysno::set_robust_list]);

        // readlink only resolves a name; acting on the target still needs an open-style syscall
        // that this ruleset does not grant. It does disclose link targets, though (e.g. under
        // /proc), so treat it as a small information-disclosure surface rather than a no-op.
        allowed.push(Sysno::readlink);

        // Process / thread identity is fine.
        allowed.extend([Sysno::getpid, Sysno::gettid]);

        // Kernel identification.
        allowed.push(Sysno::uname);

        // Could maybe live in a separate ruleset.
        allowed.push(Sysno::getrandom);

        // Thread affinity and yield seem acceptable here, though they arguably belong in the
        // Multiprocessing ruleset.
        allowed.extend([
            Sysno::sched_getaffinity,
            Sysno::sched_setaffinity,
            Sysno::sched_yield,
        ]);

        // rseq is used by newer glibc during initialization. It is intricate but does not appear
        // to be dangerous.
        allowed.push(Sysno::rseq);

        // Exiting is probably fine.
        allowed.extend([Sysno::exit, Sysno::exit_group]);

        allowed
    }

    /// No argument-filtered rules: everything this ruleset grants is unconditional.
    fn conditional_rules(&self) -> HashMap<Sysno, Vec<SeccompRule>> {
        HashMap::new()
    }

    /// Human-readable name of this ruleset.
    fn name(&self) -> &'static str {
        "BasicCapabilities"
    }
}