Bug 785197 - Apply seccomp syscall filtering
Status: RESOLVED FIXED
Product: gnome-desktop
Classification: Core
Component: Thumbnail
Version: 3.25.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: Desktop Maintainers
Reported: 2017-07-20 22:30 UTC by Bastien Nocera
Modified: 2017-09-22 12:26 UTC
Attachments
thumbnail: Restrict thumbnailer syscalls using seccomp (13.55 KB, patch)
2017-07-21 12:29 UTC, Bastien Nocera
committed

Description Bastien Nocera 2017-07-20 22:30:25 UTC
Look for ENABLE_SECCOMP in https://github.com/flatpak/flatpak/blob/master/common/flatpak-run.c for an example of how to apply it.
Comment 1 Bastien Nocera 2017-07-21 12:29:59 UTC
Created attachment 356112
thumbnail: Restrict thumbnailer syscalls using seccomp

Use seccomp code from flatpak to limit the system calls thumbnailers can
make, reducing the attack surface.
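
An added example, not part of the original thread and not gnome-desktop's or flatpak's code, showing what a syscall filter applied to a child process looks like on Linux. It uses raw seccomp-BPF through prctl() rather than libseccomp so that it builds without that library; the four denied syscalls and the function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
#define RET_EPERM BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)
#define DENY(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), RET_EPERM
/* Default-allow filter; the four denied syscalls are a constructed sample. */
static struct sock_filter filter[] = {
    /* Syscall numbers are per-ABI, so refuse any non-native architecture. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    /* x32 calls on x86-64 set bit 30 and would slip past the list below. */
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1), RET_EPERM,
    DENY(SYS_ptrace), DENY(SYS_mount), DENY(SYS_chroot), DENY(SYS_personality),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

static int install_filter(void)
{
    struct sock_fprog prog = { (unsigned short)(sizeof(filter) / sizeof(filter[0])), filter };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||  /* required when unprivileged */
           prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a stand-in for the thumbnailer, sandbox it, and return its verdict:
 * 0 means a denied call failed with EPERM while an ordinary call still works. */
int probe_in_child(void)
{
    int status; pid_t pid = fork();
    if (pid == 0) {
        if (install_filter() != 0) _exit(2);
        if (syscall(SYS_personality, 0xffffffffUL) != -1 || errno != EPERM) _exit(3);
        _exit(syscall(SYS_getpid) > 0 ? 0 : 4);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int main(void) { return probe_in_child(); }
```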
Comment 2 Bastien Nocera 2017-07-21 12:33:42 UTC
Attachment 356112 pushed as 5a4844b - thumbnail: Restrict thumbnailer syscalls using seccomp
Comment 3 vitalik_p 2017-09-20 17:14:51 UTC
checking for LIBSECCOMP... no
configure: error: Package requirements (libseccomp) were not met:

Package 'libseccomp', required by 'virtual:world', not found

Is it possible to add an option to build without libseccomp?
Comment 4 Bastien Nocera 2017-09-20 17:20:58 UTC
libseccomp is a requirement on Linux. File a bug against jhbuild if it doesn't provide you with a way to get that dependency.
Comment 5 vitalik_p 2017-09-20 20:21:47 UTC
> libseccomp is a requirement on Linux.

I don't have this library. I would not want to install it.

> File a bug against jhbuild if it doesn't provide you with a way to get that dependency.

I build gnome-desktop from tarball without jhbuild.

The ENABLE_SECCOMP macro is present in the code.

Why not add an option in configure.ac to disable it?
Comment 6 Bastien Nocera 2017-09-21 11:00:38 UTC
It's not optional. Not. Optional. If you want to hack together something that might or might not work, go for it. The upstream requires libseccomp for sandboxing. If that's still a problem, file a bug against jhbuild.
Comment 7 vitalik_p 2017-09-22 12:26:59 UTC
OK, I see https://bugzilla.gnome.org/show_bug.cgi?id=784940#c3 .

You don't like those who want to disable new functionality.

You impose unnecessary functionality without leaving an opportunity to choose a minimum set of tools. It's hard, but I do it with a patch.

Have a nice day...