diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c index 07e83d2..b534189 100644 --- a/src/swtpm/cuse_tpm.c +++ b/src/swtpm/cuse_tpm.c @@ -58,6 +58,10 @@ #include +#ifdef WITH_SECCOMP +# include +#endif + #include #include #include @@ -75,6 +79,7 @@ #include "main.h" #include "utils.h" #include "threadpool.h" +#include "seccomp_profile.h" /* maximum size of request buffer */ #define TPM_REQ_MAX 4096 @@ -129,6 +134,8 @@ struct cuse_param { char *piddata; char *tpmstatedata; char *localitydata; + char *seccompdata; + unsigned int seccomp_action; }; /* single message to send to the worker thread */ @@ -217,6 +224,15 @@ static const char *usage = "-r|--runas : after creating the CUSE device, change to the given\n" " user\n" "--tpm2 : choose TPM2 functionality\n" +#ifdef WITH_SECCOMP +# ifndef SCMP_ACT_LOG +"--seccomp action=none|kill\n" +# else +"--seccomp action=none|kill|log\n" +# endif +" : Choose the action of the seccomp profile when a\n" +" blacklisted syscall is executed; default is kill\n" +#endif "-h|--help : display this help screen and terminate\n" "\n"; @@ -1289,17 +1305,27 @@ static void ptm_init_done(void *userdata) /* at this point the entry in /dev/ is available */ if (pidfile_write(getpid()) < 0) { - ptm_cleanup(); - exit(-13); + ret = -13; + goto error_exit; } if (param->runas) { ret = change_process_owner(param->runas); - if (ret) { - ptm_cleanup(); - exit(ret); - } + if (ret) + goto error_exit; } + + if (create_seccomp_profile(true, param->seccomp_action) < 0) { + ret = -14; + goto error_exit; + } + + return; + +error_exit: + ptm_cleanup(); + + exit(ret); } static void ptm_cleanup(void) 
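Review bot: The new create_seccomp_profile(true, param->seccomp_action) call in ptm_init_done installs the filter from the CUSE init callback, and a seccomp filter loaded without thread synchronization covers only the calling thread and threads created after it, so if the worker thread behind threadpool.h (the "single message to send to the worker thread" context above) is already running at this point it would stay unfiltered; whether create_seccomp_profile sets SCMP_FLTATR_CTL_TSYNC is not visible here and is worth confirming. Placing the call after change_process_owner() is right, since the profile may well reject the setuid/setgid family, and that ordering deserves to be recorded at the call site, e.g. `/* install last: must follow change_process_owner(); covers already-running threads only with TSYNC */`. The declaration of ret and the start of ptm_init_done lie outside this hunk, so the -13/-14 exit codes are only checkable against the original exit(-13) kept here.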
@@ -1327,13 +1353,14 @@ ptm_cuse_lowlevel_main(int argc, char *argv[], const struct cuse_info *ci, { int mt; int ret; + struct cuse_param *param = userdata; ptm_fuse_session = cuse_lowlevel_setup(argc, argv, ci, clop, &mt, userdata); if (ptm_fuse_session == NULL) return 1; - if (mt) + if (param->seccomp_action == SWTPM_SECCOMP_ACTION_NONE && mt) ret = fuse_session_loop_mt(ptm_fuse_session); else ret = fuse_session_loop(ptm_fuse_session); @@ -1369,6 +1396,9 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac {"tpm2" , no_argument, 0, '2'}, {"help" , no_argument, 0, 'h'}, {"version" , no_argument, 0, 'v'}, +#ifdef WITH_SECCOMP + {"seccomp" , required_argument, 0, 'S'}, +#endif {NULL , 0 , 0, 0 }, }; struct cuse_info cinfo; @@ -1465,6 +1495,9 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac case '2': tpmversion = TPMLIB_TPM_VERSION_2; break; + case 'S': + param.seccompdata = optarg; + break; case 'h': /* help */ fprintf(stdout, usage, prgname, iface); goto exit; @@ -1509,6 +1542,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac handle_migration_key_options(param.migkeydata) < 0 || handle_pid_options(param.piddata) < 0 || handle_tpmstate_options(param.tpmstatedata) < 0 || + handle_seccomp_options(param.seccompdata, ¶m.seccomp_action) < 0 || handle_locality_options(param.localitydata, &locality_flags) < 0) { ret = -3; goto exit; diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c index 5f2d9bb..d454130 100644 --- a/src/swtpm/swtpm.c +++ b/src/swtpm/swtpm.c @@ -50,6 +50,10 @@ #include #include +#ifdef WITH_SECCOMP +# include +#endif + #include #include #include @@ -69,6 +73,7 @@ #include "tpmstate.h" #include "sys_dependencies.h" #include "osx.h" +#include "seccomp_profile.h" /* local variables */ static int notify_fd[2] = {-1, -1}; 
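Review bot: The changed condition in ptm_cuse_lowlevel_main silently falls back to the single-threaded fuse_session_loop whenever the seccomp action is anything but SWTPM_SECCOMP_ACTION_NONE, even when the caller requested mt, and nothing in the hunk says why; a later reader will read this as a bug and "fix" it. Add a comment stating the real reason (whether the profile blocks thread creation or the threaded loop uses filtered syscalls is not visible in this diff), e.g. `/* the seccomp profile is incompatible with the multi-threaded loop; force single-threaded */`, and consider logging when mt was requested but overridden so the behaviour change is visible to operators. The rest of the function continues outside the hunk.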
@@ -170,6 +175,15 @@ static void usage(FILE *file, const char *prgname, const char *iface) " send an INIT via control channel;\n" "-r|--runas : change to the given user\n" "--tpm2 : choose TPM2 functionality\n" +#ifdef WITH_SECCOMP +# ifndef SCMP_ACT_LOG + "--seccomp action=none|kill\n" +# else + "--seccomp action=none|kill|log\n" +# endif + " : Choose the action of the seccomp profile when a\n" + " blacklisted syscall is executed; default is kill\n" +#endif "-h|--help : display this help screen and terminate\n" "\n", prgname, iface); @@ -210,6 +224,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) char *ctrlchdata = NULL; char *serverdata = NULL; char *flagsdata = NULL; + char *seccompdata = NULL; char *runas = NULL; int sock_type = 0; socklen_t len = 0; @@ -217,6 +232,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) #ifdef DEBUG time_t start_time; #endif + unsigned int seccomp_action; static struct option longopts[] = { {"daemon" , no_argument, 0, 'd'}, {"help" , no_argument, 0, 'h'}, @@ -234,6 +250,9 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) {"ctrl" , required_argument, 0, 'C'}, {"flags" , required_argument, 0, 'F'}, {"tpm2" , no_argument, 0, '2'}, +#ifdef WITH_SECCOMP + {"seccomp" , required_argument, 0, 'S'}, +#endif {NULL , 0 , 0, 0 }, }; @@ -359,6 +378,10 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) runas = optarg; break; + case 'S': + seccompdata = optarg; + break; + default: usage(stderr, prgname, iface); exit(EXIT_FAILURE); @@ -407,6 +430,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) handle_pid_options(piddata) < 0 || handle_locality_options(localitydata, &mlp.locality_flags) < 0 || handle_tpmstate_options(tpmstatedata) < 0 || + handle_seccomp_options(seccompdata, &seccomp_action) < 0 || handle_flags_options(flagsdata, &need_init_cmd) < 0) { goto exit_failure; } 
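Review bot: `unsigned int seccomp_action;` in swtpm_main is declared without an initializer and its only writer is handle_seccomp_options(seccompdata, &seccomp_action), whose behaviour for a NULL seccompdata (every run without --seccomp, and every build without WITH_SECCOMP) is not visible here; if it returns 0 without storing, create_seccomp_profile(false, seccomp_action) later reads an indeterminate value. Either initialize it at the declaration to the constant for the documented default (the "kill" enumerator is not named in this diff) or document on handle_seccomp_options that it always stores a value, e.g. `/* always sets *action; NULL data selects the compiled-in default */`. The identical declaration in swtpm_chardev.c (@@ -235,6 +250,7 @@) has the same gap. The function body continues outside this hunk.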
@@ -468,8 +492,12 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) if (install_sighandlers(notify_fd, sigterm_handler) < 0) goto error_no_sighandlers; + if (create_seccomp_profile(false, seccomp_action) < 0) + goto error_seccomp_profile; + rc = mainLoop(&mlp, notify_fd[0]); +error_seccomp_profile: uninstall_sighandlers(); error_no_sighandlers: diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c index bdb63f9..c75a4ab 100644 --- a/src/swtpm/swtpm_chardev.c +++ b/src/swtpm/swtpm_chardev.c @@ -50,6 +50,10 @@ #include #include +#ifdef WITH_SECCOMP +# include +#endif + #include #include #include @@ -71,6 +75,7 @@ #endif #include "tpmstate.h" #include "osx.h" +#include "seccomp_profile.h" /* local variables */ static int notify_fd[2] = {-1, -1}; @@ -191,6 +196,15 @@ static void usage(FILE *file, const char *prgname, const char *iface) " send an INIT via control channel; not needed when using\n" " --vtpm-proxy\n" "--tpm2 : choose TPM2 functionality\n" +#ifdef WITH_SECCOMP +# ifndef SCMP_ACT_LOG + "--seccomp action=none|kill\n" +# else + "--seccomp action=none|kill|log\n" +# endif + " : Choose the action of the seccomp profile when a\n" + " blacklisted syscall is executed; default is kill\n" +#endif "-h|--help : display this help screen and terminate\n" "\n", prgname, iface); @@ -227,6 +241,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i char *tpmstatedata = NULL; char *ctrlchdata = NULL; char *flagsdata = NULL; + char *seccompdata = NULL; char *runas = NULL; #ifdef WITH_VTPM_PROXY bool use_vtpm_proxy = false; @@ -235,6 +250,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i time_t start_time; #endif bool need_init_cmd = true; + unsigned int seccomp_action; static struct option longopts[] = { {"daemon" , no_argument, 0, 'd'}, {"help" , no_argument, 0, 'h'}, 
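Review bot: The new `goto error_seccomp_profile` in swtpm_main leaves rc untouched, so the exit status after a failed seccomp setup is whatever rc held before mainLoop; that is only correct if rc is initialized to a failure value earlier in the function, which is outside this hunk — the pre-existing `goto error_no_sighandlers` relies on the same assumption, so confirm it rather than inherit it, or set `rc = EXIT_FAILURE;` before the goto. Failing closed here is the right call; a sandbox that cannot be installed must not be silently skipped. Installing the filter directly before mainLoop and after install_sighandlers is the right spot, but whether it also follows change_process_owner(runas) is not visible in this hunk and matters if the profile filters the setuid/setgid family, as the ordering chosen in cuse_tpm.c suggests. The matching hunk in swtpm_chardev.c (@@ -499,11 +523,15 @@) has the same two points.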
@@ -253,6 +269,9 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i {"vtpm-proxy", no_argument, 0, 'v'}, #endif {"tpm2" , no_argument, 0, '2'}, +#ifdef WITH_SECCOMP + {"seccomp" , required_argument, 0, 'S'}, +#endif {NULL , 0 , 0, 0 }, }; @@ -367,6 +386,10 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i break; #endif + case 'S': + seccompdata = optarg; + break; + default: usage(stderr, prgname, iface); exit(EXIT_FAILURE); @@ -452,6 +475,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i handle_migration_key_options(migkeydata) < 0 || handle_pid_options(piddata) < 0 || handle_tpmstate_options(tpmstatedata) < 0 || + handle_seccomp_options(seccompdata, &seccomp_action) < 0 || handle_flags_options(flagsdata, &need_init_cmd) < 0) { goto exit_failure; } @@ -499,11 +523,15 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i if (install_sighandlers(notify_fd, sigterm_handler) < 0) goto error_no_sighandlers; + if (create_seccomp_profile(false, seccomp_action) < 0) + goto error_seccomp_profile; + mlp.flags |= MAIN_LOOP_FLAG_USE_FD | MAIN_LOOP_FLAG_KEEP_CONNECTION | \ MAIN_LOOP_FLAG_END_ON_HUP; rc = mainLoop(&mlp, notify_fd[0]); +error_seccomp_profile: uninstall_sighandlers(); error_no_sighandlers: