Add hooks to run code in the child process before and after setting up the sandbox #37

Open: wants to merge 10 commits into base: main

Commits on Sep 29, 2017

  1. 3a55e27
  2. Fix bug when launching multiple children

    Parallelizing the forbidden_syscalls test exposes the bug and
    also reduces test time on my 4-core Skylake laptop:
    
    Before:
    [roc@glory gaol]$ time target/debug/deps/forbidden_syscalls-6fdc4dd40a646c6f
    real	0m41.322s
    user	0m0.590s
    sys	0m1.452s
    
    After:
    [roc@glory gaol]$ time target/debug/deps/forbidden_syscalls-6fdc4dd40a646c6f
    real	0m14.915s
    user	0m0.248s
    sys	0m0.980s
    rocallahan committed Sep 29, 2017 (f3cede2)
  3. adcde28
  4. Allow arch_prctl GET/SET_FS/GS

    glibc uses this during process startup.
    rocallahan committed Sep 29, 2017 (3607477)
  5. Allow set_tid_address

    glibc uses this during startup.
    rocallahan committed Sep 29, 2017 (6065617)
  6. c6da6b3
  7. Allow get/setrlimit syscalls

    Sandboxed processes should be able to use these to reduce their limits.
    In a future commit we will turn all soft limits into hard limits so
    it's impossible for a sandboxed child to increase any of its limits.
    
    glibc uses prlimit64 during startup.
    rocallahan committed Sep 29, 2017 (43930e6)
  8. Allow getting the current time

    time/gettimeofday are generally called through the vDSO without
    entering the kernel so blocking them with seccomp doesn't really work
    anyway.
    
    Having sandboxed children fail only when the vDSO is disabled (e.g.
    when running under rr) is a problem.
    rocallahan committed Sep 29, 2017 (4ab80ac)
  9. Support before_sandbox/before_exec callbacks to set up subprocess environment
    
    This commit is a bit oversized... adding support for these callbacks required
    creating a way to pass errors back to the parent process, which inspired
    fixing the error handling in start(), which uncovered some bugs in start():
    * Immediate child process leaked as a zombie
    * pipe_fds[0] leaked in parent
    * pipe_fds[1] leaked into grandchild
    rocallahan committed Sep 29, 2017 (7502de7)
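The two commit messages above describe the same fork/exec plumbing from different angles: commit 7 plans to turn every soft resource limit into a hard one so a sandboxed child cannot raise its own limits, and commit 9 adds a before_exec hook plus a way to pass the hook's error back to the parent while closing the fd and zombie leaks it found. The following is an added example of that pattern written for this page; it is not gaol's code and makes no claim about gaol's actual API. It assumes a Linux/POSIX host with /bin/sh, uses a close-on-exec pipe as the error channel (the parent reads EOF when exec succeeds and an errno value when the hook or exec fails), and reaps the child on failure so nothing is left as a zombie. The hook names (`lock_limits_hook`, `deny_hook`) and the -errno return convention are choices made here for illustration.

```c
/* Added example (not gaol's own code): run a hook in the forked child before
 * exec, lock resource limits there, and report hook failures to the parent. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A hook returns 0 on success or -errno on failure (convention chosen here). */
typedef int (*child_hook)(void);

/* Pure policy: hard := soft. An unprivileged process may lower a hard limit
 * but never raise it again, so after this the child can only tighten limits. */
struct rlimit clamp_hard_to_soft(struct rlimit lim) {
    lim.rlim_max = lim.rlim_cur;
    return lim;
}

/* Apply the policy to one resource in the calling process. */
int lock_limit(int resource) {
    struct rlimit lim;
    if (getrlimit(resource, &lim) != 0) return -errno;
    lim = clamp_hard_to_soft(lim);
    if (setrlimit(resource, &lim) != 0) return -errno;
    return 0;
}

/* Hook run in the child: lock limits a sandboxed process should not raise.
 * (Only POSIX resources here; RLIMIT_NPROC etc. could be added on Linux.) */
int lock_limits_hook(void) {
    const int resources[] = { RLIMIT_CORE, RLIMIT_NOFILE };
    for (size_t i = 0; i < sizeof resources / sizeof resources[0]; i++) {
        int rc = lock_limit(resources[i]);
        if (rc != 0) return rc;
    }
    return 0;
}

/* Hook that always refuses; exercises the error path back to the parent. */
int deny_hook(void) { return -EPERM; }

/* Fork, run `hook` in the child, then exec argv[0].
 * Returns the child's pid (caller must waitpid it) or -errno if the hook or
 * exec failed. Both pipe ends are FD_CLOEXEC so neither leaks into the
 * exec'd program; a successful exec closes the write end and the parent
 * reads EOF, otherwise it reads the errno the child wrote. */
pid_t spawn_with_hook(char *const argv[], child_hook hook) {
    int pipe_fds[2];
    if (pipe(pipe_fds) != 0) return -errno;
    if (fcntl(pipe_fds[0], F_SETFD, FD_CLOEXEC) != 0 ||
        fcntl(pipe_fds[1], F_SETFD, FD_CLOEXEC) != 0) {
        int e = errno; close(pipe_fds[0]); close(pipe_fds[1]); return -e;
    }

    pid_t pid = fork();
    if (pid < 0) { int e = errno; close(pipe_fds[0]); close(pipe_fds[1]); return -e; }

    if (pid == 0) {
        close(pipe_fds[0]);                 /* child never reads */
        int err = hook ? hook() : 0;        /* 0 or -errno */
        if (err == 0) {
            execvp(argv[0], argv);          /* only returns on failure */
            err = -errno;
        }
        int wire = -err;                    /* positive errno on the wire */
        ssize_t w = write(pipe_fds[1], &wire, sizeof wire);
        (void)w;                            /* any data at all means failure */
        _exit(127);
    }

    close(pipe_fds[1]);                     /* parent keeps only the read end */
    int err = 0;
    ssize_t n;
    do { n = read(pipe_fds[0], &err, sizeof err); } while (n < 0 && errno == EINTR);
    close(pipe_fds[0]);
    if (n > 0) {
        int status;                         /* reap so it is not left a zombie */
        while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {}
        return -err;
    }
    return pid;
}

int main(void) {
    /* The shell prints its inherited hard core-file limit, now equal to the soft one. */
    char *argv[] = { "/bin/sh", "-c", "ulimit -H -c", NULL };
    pid_t pid = spawn_with_hook(argv, lock_limits_hook);
    if (pid < 0) { fprintf(stderr, "spawn failed: %s\n", strerror((int)-pid)); return 1; }
    int status;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

The ordering in the parent matters: it closes its own copy of the write end before reading, otherwise `read()` would never see EOF even after a successful exec. Reaping only happens on the failure path because on success the caller owns the pid; a wrapper that double-forks (as the commit message's "immediate child" suggests gaol does) must additionally wait for that intermediate process.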
  10. 07761bc