linux: Fail as unsupported if personality call is filtered

Container management default seccomp filter [1] only accepts
personality(2) with PER_LINUX (0x0), UNAME26 (0x20000),
PER_LINUX32 (0x8), UNAME26 | PER_LINUX32, and 0xffffffff (to query
current personality).

Although the documentation only states it is blocked to prevent
'enabling BSD emulation' (PER_BSD, not implemented by Linux), checking
the repository log, the real reason is to block the ASLR disable flag
(ADDR_NO_RANDOMIZE) and other poorly supported emulations.

So handle EPERM and fail as UNSUPPORTED if we can really check for
BZ#19408.

Checked on aarch64-linux-gnu.

[1] https://github.com/moby/moby/blob/master/profiles/seccomp/default.json

Reviewed-by: Florian Weimer <fweimer@redhat.com>
Adhemerval Zanella 2023-06-02 10:19:48 -03:00
parent be9b883ddd
commit d4963a844d

@ -19,27 +19,36 @@
#include <errno.h>
#include <sys/personality.h>
#include <support/check.h>
static int
do_test (void)
{
int rc = 0;
unsigned int test_persona = -EINVAL;
unsigned int saved_persona;
errno = 0xdefaced;
saved_persona = personality (0xffffffff);
if (personality (test_persona) != saved_persona
|| personality (0xffffffff) == -1
|| personality (PER_LINUX) == -1
|| personality (0xffffffff) != PER_LINUX
|| 0xdefaced != errno)
rc = 1;
unsigned int r = personality (test_persona);
if (r == -1)
{
/* The syscall argument might be filtered by kernel, so the
test can not check for the bug issue. */
if (errno == EPERM)
FAIL_UNSUPPORTED ("personality syscall argument are filtered");
FAIL_EXIT1 ("personality (%#x) failed: %m", test_persona);
}
(void) personality (saved_persona);
return rc;
TEST_COMPARE (r, saved_persona);
TEST_VERIFY (personality (0xffffffff) != -1);
TEST_VERIFY (personality (PER_LINUX) != -1);
TEST_COMPARE (personality (0xffffffff), PER_LINUX);
TEST_COMPARE (0xdefaced, errno);
personality (saved_persona);
return 0;
}
#define TEST_FUNCTION do_test ()
#include "../test-skeleton.c"
#include <support/test-driver.c>
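
Review bot: saved_persona = personality (0xffffffff) at the top of do_test is still used unchecked, both in TEST_COMPARE (r, saved_persona) and in the final personality (saved_persona) restore, whose result is also discarded. Since this test now treats a filtered call as a real possibility, a TEST_VERIFY (saved_persona != -1) right after the query would keep a failed query from being used as the expected value. Wording nits in the new branch: the FAIL_UNSUPPORTED string should read "personality syscall arguments are filtered", and the comment "can not check for the bug issue" would be clearer as "cannot check for the bug".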