testppd should run in seccomp/minijail sandbox

Issue description

When called from debugd, it should be sandboxed.
Aug 15 2016
Aug 30 2016
Aug 30 2016
Aug 31 2016
Proposed sandboxing: Run with

    minijail0 -u lpadmin -g lpadmin -c 0 -n -S cupstestppd-seccomp-x86.policy cupstestppd [ppd file]

Depending on how the filters are installed, we may also need -G, which causes other group memberships to propagate.

This is the minimal syscall set that has been tested on all the hp .ppd files in the hplip archive.

If we want to be extra-cautious, we could set up files in a chroot-amenable way before running and also do a chroot, but I think that doesn't buy us enough to be worth the extra complexity.

Still need to generate a similar policy for arm/arm64; should be easy to do but I don't have hardware for this at present.

It may be worth running down at some point why libnettle and libhogwild are linked in by this binary; they are the source of some of the more esoteric syscalls, and it's not clear why they would be needed by the binary.
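An added example, not part of the original comment or of Chromium OS: a small reviewer's check for a minijail policy file like the one named above, listing duplicate entries and watchlisted syscalls, and marking the ones allowed without an argument filter. The sample policy and the watchlist are constructed assumptions; the real cupstestppd policy is not shown in this thread.

```python
"""Review aid for a minijail seccomp policy (added example, not Chromium OS code)."""

# Constructed sample in minijail policy syntax ("syscall: filter"). It is NOT the
# cupstestppd policy from this bug, whose contents are not shown in the thread.
SAMPLE_POLICY = """\
# constructed sample
read: 1
write: 1
close: 1
mmap2: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
ioctl: arg1 == TCGETS
socket: arg0 == AF_UNIX
connect: 1
ptrace: 1
read: 1
exit_group: 1
"""

# Hypothetical reviewer watchlist (an assumption, tune per binary): syscalls
# whose presence in a file-checking tool's policy should come with a reason.
WATCHLIST = {"clone", "connect", "execve", "ioctl", "mount", "prctl", "ptrace", "socket"}


def parse_policy(text):
    """Return (rules, problems); rules is a list of (lineno, syscall, filter)."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "@")):  # comments and @directives
            continue
        name, sep, expr = line.partition(":")
        if not sep or not name.strip() or not expr.strip():
            problems.append((lineno, "malformed", raw))
            continue
        rules.append((lineno, name.strip(), expr.strip()))
    return rules, problems


def audit(text, watchlist=WATCHLIST):
    """Flag duplicate entries and watchlisted syscalls, noting unfiltered ones."""
    rules, findings = parse_policy(text)
    seen = set()
    for lineno, name, expr in rules:
        if name in seen:
            findings.append((lineno, "duplicate", name))
        seen.add(name)
        if name in watchlist:
            kind = "unfiltered" if expr == "1" else "arg-filtered"
            findings.append((lineno, kind, name))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE_POLICY):
        print(f"line {lineno}: {kind}: {detail}")
```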
Aug 31 2016
Seems reasonable. I'd upload a CL when you get the arm pieces and send to vapier@ for review.
Sep 12 2016
Sep 16 2016
Just a ping. If we're close on this, maybe try to finish it out?
Oct 10 2016
Oct 14 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/73310fb1aca7f885e7959378af7afcb976f2baab

commit 73310fb1aca7f885e7959378af7afcb976f2baab
Author: Justin Carlson <justincarlson@chromium.org>
Date: Tue Oct 11 23:13:26 2016

debugd: Add seccomp-bpf capability to sandboxed_process.

This is groundwork to enable running cupstestppd with a syscall policy filter.

BUG= chromium:633383
TEST=build, cros_workon_make --board=reks debugd --test

Change-Id: I51e8dd0856b08392ea7c475245ed8201183aa24d
Reviewed-on: https://chromium-review.googlesource.com/396885
Commit-Ready: Justin Carlson <justincarlson@chromium.org>
Tested-by: Justin Carlson <justincarlson@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/73310fb1aca7f885e7959378af7afcb976f2baab/debugd/src/sandboxed_process.cc
[modify] https://crrev.com/73310fb1aca7f885e7959378af7afcb976f2baab/debugd/src/sandboxed_process.h
Nov 8 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/2f28950d4db08540d828de3708ead5a37500b8d9

commit 2f28950d4db08540d828de3708ead5a37500b8d9
Author: Justin Carlson <justincarlson@chromium.org>
Date: Thu Oct 27 22:46:28 2016

Add seccomp policy files for cups utils.

This adds seccomp-bpf policy files (which are not currently used) to the installation files for the cups ebuild and bumps the cups ebuild rev.

BUG=chromium:637160 chromium:633383
TEST=amd64 and arm variants were generated on and tested on hardware, x86 in emulation.

Change-Id: If5247958a5d33b93fc47c51422c3e273569227b6
Reviewed-on: https://chromium-review.googlesource.com/404511
Commit-Ready: Justin Carlson <justincarlson@chromium.org>
Tested-by: Justin Carlson <justincarlson@google.com>
Tested-by: Justin Carlson <justincarlson@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/cupstestppd-seccomp-arm.policy
[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/lpadmin-seccomp-x86.policy
[modify] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/cups-2.1.4.ebuild
[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/cupstestppd-seccomp-amd64.policy
[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/lpadmin-seccomp-arm.policy
[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/lpadmin-seccomp-amd64.policy
[rename] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/cups-2.1.4-r7.ebuild
[add] https://crrev.com/2f28950d4db08540d828de3708ead5a37500b8d9/net-print/cups/files/cupstestppd-seccomp-x86.policy
Nov 11 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/187c7250907341124fd4cd56e1405e12fcc85d8d

commit 187c7250907341124fd4cd56e1405e12fcc85d8d
Author: Justin Carlson <justincarlson@chromium.org>
Date: Fri Oct 28 18:03:12 2016

debugd: Use seccomp policies for subprocesses.

Invoke cupstestppd and lpadmin using seccomp policies. (related policy files are in a different change).

TEST=manual trigger of addprinter via dbus on reks
BUG=chromium:637160 chromium:633383

Change-Id: Ib1984e605e12bacec30fe2ee8b6a5628297b9f26
Reviewed-on: https://chromium-review.googlesource.com/404871
Commit-Ready: Justin Carlson <justincarlson@chromium.org>
Tested-by: Justin Carlson <justincarlson@google.com>
Tested-by: Justin Carlson <justincarlson@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/187c7250907341124fd4cd56e1405e12fcc85d8d/debugd/src/cups_tool.cc
[modify] https://crrev.com/187c7250907341124fd4cd56e1405e12fcc85d8d/debugd/src/sandboxed_process.cc
Nov 11 2016
Jan 21 2017
Mar 4 2017
Apr 17 2017
May 30 2017
Aug 1 2017
Oct 14 2017
Comment 1 by skau@chromium.org, Aug 11 2016