From c8faedc1fff6e37fbcf7c6d449888dd1e7bdf9cd Mon Sep 17 00:00:00 2001 From: Michal Sojka Date: Tue, 12 Sep 2017 13:12:35 +0200 Subject: [PATCH] Do not disable seccomp when configuration is not found Previously, when seccomp configuration file for a service was not found, the service was started without seccomp. I consider this potential attack vector. With this change, procd starts the service as if the configuration existed but the service fails in libpreload-seccomp.so, because the configuration cannot be loaded. This is announced in the syslog. Signed-off-by: Michal Sojka --- service/instance.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/service/instance.c b/service/instance.c index bb766ea..dc7e3ca 100644 --- a/service/instance.c +++ b/service/instance.c @@ -873,15 +873,8 @@ instance_config_parse(struct service_instance *in) if (tb[INSTANCE_ATTR_NO_NEW_PRIVS]) in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]); - if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) { - char *seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]); - struct stat s; - - if (stat(seccomp, &s)) - ERROR("%s: not starting seccomp as %s is missing\n", in->name, seccomp); - else - in->seccomp = seccomp; - } + if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) + in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]); if (tb[INSTANCE_ATTR_PIDFILE]) { char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]); -- 2.11.0