implement seccomp filtering by argument
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | ubuntu-core-launcher (Ubuntu) |
Wishlist
|
Jamie Strandboge | ||
Bug Description
The ubuntu-
This is not for 15.04.
Related branches
- Tyler Hicks: Pending requested 2016-04-06
- Snappy Developers: Pending requested 2016-04-06
-
Diff: 974 lines (+823/-31)10 files modifiedREADME (+82/-18)
debian/changelog (+1/-0)
src/seccomp.c (+313/-13)
tests/test_bad_seccomp_filter_args (+54/-0)
tests/test_bad_seccomp_filter_args_null (+51/-0)
tests/test_bad_seccomp_filter_args_prctl (+55/-0)
tests/test_bad_seccomp_filter_args_socket (+55/-0)
tests/test_restrictions_working_args (+96/-0)
tests/test_restrictions_working_args_prctl (+58/-0)
tests/test_restrictions_working_args_socket (+58/-0)
| tags: | added: application-confinement |
| Changed in ubuntu-core-launcher (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| Changed in ubuntu-core-launcher (Ubuntu): | |
| status: | Triaged → In Progress |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| no longer affects: | ubuntu-core-security (Ubuntu) |
| Jamie Strandboge (jdstrand) wrote : | #1 |
| Changed in ubuntu-core-launcher (Ubuntu): | |
| status: | In Progress → Fix Released |
| Olivier Paroz (oparoz) wrote : | #2 |
This doesn't seem to be fixed as I've just had a Snap fail because it did a syscall to fchown32, which, according to the seccomp profile will fail until this bug here is solved.
16.04.1
snap-confine/now 1.0.42-0ubuntu3 armhf
| Jamie Strandboge (jdstrand) wrote : | #3 |
@Olivier - the feature is implemented but the policy doesn't yet have an update for this denial. That will be fixed in the coming weeks.
| Olivier Paroz (oparoz) wrote : | #4 |
Thank you Jamie!
I'm going to mark this as 'fixed released' since it is fixed in snap-confine in series 16.