commit 0ef8a661dc17479d0e0cee211c53ed557543809f
author Utkarsh Sanghi <usanghi@chromium.org> Mon Aug 18 15:50:11 2014 -0700
committer chrome-internal-fetch <chrome-internal-fetch@google.com> Fri Aug 22 00:51:44 2014 +0000
tree 7611d32bac73dcf792629fac666a247509229727
parent 95320a6c6367ec09e594e32f986b8c535d49d773

minijail: add seccomp softfail option

Minijail now softfails when seccomp is not implemented
by the OS. However if the USE_seccomp flag is defined,
minijail still hardfails.

BUG=chromium:368071
TEST=Manual: compiled with and without USE flag.
CQ-DEPEND=CL:212960

Change-Id: If2b58ddd5ce51a357bda325d32fe2b3dac6df11f
Reviewed-on: https://chromium-review.googlesource.com/212919
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Utkarsh Sanghi <usanghi@chromium.org>
Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org>

Makefile

diff --git a/Makefile b/Makefile
index d931df0..40d43bd 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,9 @@
 ifneq ($(HAVE_SECUREBITS_H),no)
 CFLAGS += -DHAVE_SECUREBITS_H
 endif
+ifneq ($(USE_seccomp),yes)
+CFLAGS += -DUSE_SECCOMP_SOFTFAIL
+endif
 
 all : minijail0 libminijail.so libminijailpreload.so
 

libminijail.c

diff --git a/libminijail.c b/libminijail.c
index 9fafc51..7a18831 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -61,6 +61,12 @@
 # define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
 #endif
 
+#ifdef USE_SECCOMP_SOFTFAIL
+# define SECCOMP_SOFTFAIL 1
+#else
+# define SECCOMP_SOFTFAIL 0
+#endif
+
 struct binding {
 	char *src;
 	char *dest;
@@ -355,6 +361,12 @@
 
 void API minijail_parse_seccomp_filters(struct minijail *j, const char *path)
 {
+	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL)) {
+		if ((errno == ENOSYS) && SECCOMP_SOFTFAIL) {
+			warn("not loading seccomp filter, seccomp not supported");
+			return;
+		}
+	}
 	FILE *file = fopen(path, "r");
 	if (!file) {
 		pdie("failed to open seccomp filter file '%s'", path);
@@ -754,8 +766,13 @@
 	 * Install the syscall filter.
 	 */
 	if (j->flags.seccomp_filter) {
-		if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, j->filter_prog))
+		if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, j->filter_prog)) {
+			if ((errno == ENOSYS) && SECCOMP_SOFTFAIL) {
+				warn("seccomp not supported");
+				return;
+			}
 			pdie("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
+		}
 	}
 }
 
@@ -835,8 +852,13 @@
 	 * seccomp has to come last since it cuts off all the other
 	 * privilege-dropping syscalls :)
 	 */
-	if (j->flags.seccomp && prctl(PR_SET_SECCOMP, 1))
+	if (j->flags.seccomp && prctl(PR_SET_SECCOMP, 1)) {
+		if ((errno == ENOSYS) && SECCOMP_SOFTFAIL) {
+			warn("seccomp not supported");
+			return;
+		}
 		pdie("prctl(PR_SET_SECCOMP)");
+	}
 }
 
 /* TODO(wad) will visibility affect this variable? */