Merge pull request #2972 from brauner/2019-05-02/seccomp_notify_mem_fd

seccomp: send process memory fd

Merge pull request #2972 from brauner/2019-05-02/seccomp_notify_mem_fd
9e1accb9 · Stéphane Graber · GitHub · 99b68bdb · 5ed06d3a · 9e1accb9
Unverified Commit 9e1accb9 authored May 02, 2019 by Stéphane Graber Committed by GitHub May 02, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 2 deletions

af_unix.c src/lxc/af_unix.c +6 -0

af_unix.h src/lxc/af_unix.h +2 -0

seccomp.c src/lxc/seccomp.c +25 -2

No files found.
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -199,6 +199,12 @@ again:
 	return ret;
 }
+int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
+		      size_t size)
+{
+	return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
+}
 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
 			       void *data, size_t size)
 {

--- a/src/lxc/af_unix.h
+++ b/src/lxc/af_unix.h
@@ -35,6 +35,8 @@ extern void lxc_abstract_unix_close(int fd);
 extern int lxc_abstract_unix_connect(const char *path);
 extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
 				      void *data, size_t size);
+extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
+			     size_t size);
 extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
 				      void *data, size_t size);
 extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size);

--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1335,8 +1335,10 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 {
 #if HAVE_DECL_SECCOMP_NOTIF_GET_FD
+	__do_close_prot_errno int fd_mem = -EBADF;
 	int reconnect_count, ret;
 	ssize_t bytes;
+	char mem_path[6 + 21 + 5];
 	struct lxc_handler *hdlr = data;
 	struct lxc_conf *conf = hdlr->conf;
 	struct seccomp_notif *req = conf->seccomp.notifier.req_buf;
@@ -1355,14 +1357,33 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 		goto out;
 	}
+	snprintf(mem_path, sizeof(mem_path), "/proc/%d/mem", req->pid);
+	fd_mem = open(mem_path, O_RDONLY | O_CLOEXEC);
+	if (fd_mem < 0) {
+		(void)seccomp_notify_default_answer(fd, req, resp, hdlr);
+		SYSERROR("Failed to open process memory for seccomp notify request");
+		goto out;
+	}
+	/*
+	 * Make sure that the fd for /proc/<pid>/mem we just opened still
+	 * refers to the correct process's memory.
+	 */
+	ret = seccomp_notif_id_valid(fd, req->id);
+	if (ret < 0) {
+		(void)seccomp_notify_default_answer(fd, req, resp, hdlr);
+		SYSERROR("Invalid seccomp notify request id");
+		goto out;
+	}
 	memcpy(&msg.req, req, sizeof(msg.req));
 	msg.monitor_pid = hdlr->monitor_pid;
 	msg.init_pid = hdlr->pid;
 	reconnect_count = 0;
 	do {
-		bytes = lxc_send_nointr(listener_proxy_fd, &msg, sizeof(msg),
+		bytes = lxc_unix_send_fds(listener_proxy_fd, &fd_mem, 1, &msg,
-					MSG_NOSIGNAL);
+					  sizeof(msg));
 		if (bytes != (ssize_t)sizeof(msg)) {
 			SYSERROR("Failed to forward message to seccomp proxy");
 			if (seccomp_notify_default_answer(fd, req, resp, hdlr))
@@ -1370,6 +1391,8 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 		}
 	} while (reconnect_count++);
+	close_prot_errno_disarm(fd_mem);
 	reconnect_count = 0;
 	do {
 		bytes = lxc_recv_nointr(listener_proxy_fd, &msg, sizeof(msg), 0);