author | bptato <nincsnevem662@gmail.com> | 2024-10-23 17:35:03 +0200 |
---|---|---|
committer | bptato <nincsnevem662@gmail.com> | 2024-10-23 19:08:39 +0200 |
commit | 5c24b64fe5b242bdba68fe3d48489bed26b48eae (patch) | |
tree | c7408078c44792314cac43cfa23ae5e56996630e /lib/chaseccomp/chaseccomp.h | |
parent | b0bb61e830e76169f41db186b5946ae6859f4e6a (diff) | |
download | chawan-5c24b64fe5b242bdba68fe3d48489bed26b48eae.tar.gz |
sandbox: replace libseccomp with chaseccomp
This drops libseccomp as a dependency. Also, move the capsicum/pledge definitions from bindings to sandbox.nim because they are only used there. Interestingly, after integrating chaseccomp I found that the stbi process would mysteriously crash on a getrandom(2) syscall. Closer investigation revealed it is only called on the initialization of glibc's malloc; presumably it had never surfaced before because libseccomp would always allocate before entering the sandbox. So I've added getrandom to our filter as well.
Diffstat (limited to 'lib/chaseccomp/chaseccomp.h')
-rw-r--r-- | lib/chaseccomp/chaseccomp.h | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/lib/chaseccomp/chaseccomp.h b/lib/chaseccomp/chaseccomp.h
new file mode 100644
index 00000000..69d5aa43
--- /dev/null
+++ b/lib/chaseccomp/chaseccomp.h
@@ -0,0 +1,70 @@
+#include <stdint.h>
+
+/*
+ * seccomp
+ */
+#define SECCOMP_SET_MODE_FILTER 1
+
+#define SECCOMP_RET_KILL_PROCESS 0x80000000u
+#define SECCOMP_RET_ALLOW 0x7FFF0000u
+#define SECCOMP_RET_TRAP 0x00030000u
+#define SECCOMP_RET_ERRNO 0x00050000u
+#define SECCOMP_RET_DATA 0x0000FFFFu
+
+struct seccomp_data {
+ int nr;
+ uint32_t arch;
+ uint64_t instruction_pointer;
+ uint64_t args[6];
+};
+
+/*
+ * BPF
+ */
+
+/* instruction classes */
+#define BPF_LD 0x00
+#define BPF_JMP 0x05
+#define BPF_RET 0x06
+
+/* ld/ldx fields */
+#define BPF_ABS 0x20
+#define BPF_W 0x00
+
+/* alu/jmp fields */
+#define BPF_JEQ 0x10
+#define BPF_JGT 0x20
+
+#define BPF_K 0x00
+
+struct sock_filter {
+ uint16_t code;
+ uint8_t jt;
+ uint8_t jf;
+ uint32_t k;
+};
+
+struct sock_fprog {
+ unsigned short len;
+ struct sock_filter *filter;
+};
+
+#define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
+#define BPF_JUMP(code, k, jt, jf) { (unsigned short)(code), jt, jf, k }
+
+/*
+ * chaseccomp stuff
+ */
+
+#define COUNTOF(x) (sizeof(x) / sizeof(*(x)))
+
+#define CHA_BPF_LOAD(field) \
+ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \
+ (offsetof(struct seccomp_data, field)))
+
+/* Note: we always operate in BPF_K source mode, which equals 0. */
+
+#define CHA_BPF_RET(val) BPF_STMT(BPF_RET | BPF_K, val)
+#define CHA_BPF_JE(data, n) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, data, n, 0)
+#define CHA_BPF_JNE(data, m) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, data, 0, m)
+#define CHA_BPF_JLE(data, m) BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, data, 0, m)
|
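Review bot: `CHA_BPF_LOAD` expands to `offsetof(struct seccomp_data, field)`, but the only include in this new header is `<stdint.h>`, so any translation unit that uses the macro without itself including `<stddef.h>` will fail to compile; add `#include <stddef.h>` next to the stdint line. The header also has no include guard, so a second inclusion redefines `struct seccomp_data`, `struct sock_filter` and `struct sock_fprog`; `#pragma once` or a `CHASECCOMP_H` guard at the top would prevent that. Because the struct and macro names here mirror the kernel's own (`SECCOMP_RET_*`, `BPF_STMT`, `struct sock_filter`), a file that includes both this header and `<linux/seccomp.h>`/`<linux/filter.h>` would presumably get redefinition errors — worth a one-line comment stating that this header is a deliberate standalone replacement and must not be mixed with those. Since `CHA_BPF_LOAD` only fetches a 32-bit word, a reader would benefit from a comment on it noting that loading an `args[i]` slot yields only the low half of the 64-bit argument, and that the filter program in the companion source should compare `arch` before dispatching on `nr`; neither point can be confirmed from this header alone.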