[Request] Allow filtering 32 and 64 bits syscalls for x86-64. #74

Open
patlefort opened this issue Jun 11, 2024 · 2 comments

Comments

@patlefort

At the moment, it's not possible to filter both. If a filtered program calls a 32-bit program, it will result in a bad system call. In libseccomp, one can differentiate between the two by checking for the __X32_SYSCALL_BIT mask on the system call number. It would be very useful for my use case, filtering calls from a sandbox environment that may use 32-bit applications.

@colinmarc

I would also use such a feature. I'm also a bit confused about the current API - does the filter just reject/kill syscalls with a different AUDIT_* arch? This could definitely be better documented.

@mrcnski

mrcnski commented Jan 22, 2025

Looks like this library doesn't handle __X32_SYSCALL_BIT at all, based on a search of the source code. Am I wrong, or does this mean restricted code can potentially set this bit to bypass restrictions?

seccomp(2)
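
For reference alongside the question above, an added example (not from this thread and not the library's code) of the check seccomp(2) describes for x86-64: x32 calls report the same `AUDIT_ARCH_X86_64` arch as native 64-bit calls and differ only by `__X32_SYSCALL_BIT` in the syscall number, while i386 calls report `AUDIT_ARCH_I386`. The names `prologue`, `verdict` and `X32_BIT` are made up here, and the small interpreter stands in for the kernel so the verdicts can be checked on constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define X32_BIT 0x40000000u /* value of __X32_SYSCALL_BIT, defined locally */

/* Kill on a foreign arch or an x32 number; a real policy replaces the final ALLOW. */
static const struct sock_filter prologue[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_BIT, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Hypothetical helper: interpret the prologue for a constructed (arch, nr) pair. */
static uint32_t verdict(uint32_t arch, uint32_t nr)
{
    struct seccomp_data d = { .nr = (int)nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof prologue / sizeof prologue[0]; pc++) {
        const struct sock_filter *i = &prologue[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS: /* load the 32-bit field at offset k */
            memcpy(&acc, (const char *)&d + i->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: /* skip jt or jf instructions */
            pc += (acc == i->k) ? i->jt : i->jf;
            break;
        case BPF_JMP | BPF_JGE | BPF_K:
            pc += (acc >= i->k) ? i->jt : i->jf;
            break;
        case BPF_RET | BPF_K:
            return i->k;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* ran off the end: fail closed */
}

int main(void)
{
    printf("x86-64 %#x, x32 %#x, i386 %#x\n", verdict(AUDIT_ARCH_X86_64, 1),
           verdict(AUDIT_ARCH_X86_64, X32_BIT | 1), verdict(AUDIT_ARCH_I386, 4));
}
```

The arch comparison alone lets the second case through, because both ABIs report `AUDIT_ARCH_X86_64`; the `BPF_JGE` test on `nr` is what separates them.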
