How can I find all syscalls that have to be whitelisted for seccomp?


How can I find all syscalls that have to be whitelisted for seccomp?



I have an existing program that I would like to sandbox using seccomp (v2).



How can I find what seccomp rules I need to allow for the program?



I've tried adding seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(…), 0) for all syscalls printed by strace -xfc a.out, but apparently that wasn't enough, since I'm still getting "SIGSYS, Bad system call" when I run the program with seccomp.


seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(…), 0)


strace -xfc a.out




1 Answer
1



Probably the most reliable way is to switch your seccomp filter to return SECCOMP_RET_TRAP ("send catchable SIGSYS on error") rather than SECCOMP_RET_KILL ("kill the process with an uncatchable SIGSYS"), then print the siginfo_t from the signal handler, then commit suicide.


SECCOMP_RET_TRAP


SIGSYS


SECCOMP_RET_KILL


SIGSYS


siginfo_t





Is that equivalent to scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);?
– Kornel
Jul 1 at 17:03


scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);





Yes, that's one of the C-level libraries; I was answering at the syscall level since that's the same.
– o11c
Jul 1 at 20:56






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

Rothschild family

Image
"House of Rothschild" redirects here. For the film, see The House of Rothschild. For other uses, see Rothschild (disambiguation). Rothschild Jewish noble banking family Coat of arms granted to the Barons Rothschild in 1822 by Emperor Francis I of Austria Ethnicity Jewish Current region Western Europe (mainly United Kingdom, France, and Germany) [1] Etymology Rothschild (German): "red shield" Place of origin Frankfurter Judengasse, Frankfurt, Holy Roman Empire Founded 1760s (1577  ( 1577 ) ) Founder Mayer Amschel Rothschild (1744–1812) (Elchanan Rothschild, b. 1577) Titles List Freiherr von Rothschild (1822) Baronet, of Tring Park (1847) Baron Rothschild (1885) Traditions Judaism, Goût Rothschild Motto Concordia, Integritas, Industria (English: Harmony, Integrity, Industry ) Estate(s) List British properties Château de Ferrières Palais Rothschild Cadet branches List Austrian branch English branch French branch Neapolitan branch A Rothschild house,...
Read more

Cinema of Italy

Image
Cinema of Italy Some of the notable actors and filmmakers [a] No. of screens 3,217 (2011) [1]  • Per capita 5.9 per 100,000 (2011) [1] Main distributors Medusa Film (16.7%) Warner Bros. (13.8%) 20th Century Fox (13.7%) [2] Produced feature films (2013) [3] Total 167 Number of admissions (2013) [3] Total 97,380,572  • Per capita 1.50 (2012) [4] National films 30,208,422 (31.0%) Gross box office (2013) [3] Total €618 million National films €188 million (30.5%) The Cinema of Italy comprises the films made within Italy or by Italian directors. Since the development of the Italian film industry in the early 1900s, Italian filmmakers and performers have, at times, experienced both domestic and international success, and have influenced film movements throughout the world. As of 2014, Italian films have won 14 Academy Awards for Best Foreign Language Film, the most of any country, as well as 12 Palmes d'Or, the second-most ...
Read more