mirror of
https://https.git.savannah.gnu.org/git/guix.git/
synced 2025-07-10 16:50:43 +02:00
b79100ef61
glibc currently will insist on using 'socketcall' on i686-linux unless built with '--enable-kernel=4.3.0' or above, even on systems that have dedicated system calls available for all the socket-related functionality. This behavior breaks the assumption that socketcall can be safely blocked without impacting functionality in slirp4netns, rendering the seccomp filter unusable with those glibcs. This change makes the slirp4netns seccomp filter opt-in on systems with a 'socketcall' system call. It can either be opted-into at compile-time or at runtime using the NO_SOCKETCALL_LIBC preprocessor define or the GUIX_FORCE_SECCOMP environment variable, respectively. The seccomp filter being disabled on these systems means that it is possible for a compromised slirp4netns to access abstract unix domain sockets in the root network namespace. It does not affect any of the other mechanisms used to isolate slirp4netns (e.g. chroot, namespaces, etc). Fixes guix/guix#808. * nix/libstore/build.cc (spawnSlirp4netns) [__NR_socketcall]: Do not add seccomp filter, unless ‘GUIX_FORCE_SECCOMP’ is set. Change-Id: Ibfe8becc9431f5aff11a21f06858b20496f9cb4a Signed-off-by: Ludovic Courtès <ludo@gnu.org> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| build.cc | ||
| builtins.cc | ||
| builtins.hh | ||
| derivations.cc | ||
| derivations.hh | ||
| gc.cc | ||
| globals.cc | ||
| globals.hh | ||
| local-store.cc | ||
| local-store.hh | ||
| misc.cc | ||
| misc.hh | ||
| optimise-store.cc | ||
| pathlocks.cc | ||
| pathlocks.hh | ||
| references.cc | ||
| references.hh | ||
| sqlite.cc | ||
| sqlite.hh | ||
| store-api.cc | ||
| store-api.hh | ||
| worker-protocol.hh | ||