github.com/MerlinKodo/gvisor@v0.0.0-20231110090155-957f62ecf90e/runsc/boot/filter/filter.go (about) 1 // Copyright 2018 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package filter defines all syscalls the sandbox is allowed to make 16 // to the host, and installs seccomp filters to prevent prohibited 17 // syscalls in case it's compromised. 18 package filter 19 20 import ( 21 "github.com/MerlinKodo/gvisor/pkg/log" 22 "github.com/MerlinKodo/gvisor/pkg/seccomp" 23 "github.com/MerlinKodo/gvisor/pkg/sentry/devices/accel" 24 "github.com/MerlinKodo/gvisor/pkg/sentry/devices/nvproxy" 25 "github.com/MerlinKodo/gvisor/pkg/sentry/platform" 26 ) 27 28 // Options are seccomp filter related options. 29 type Options struct { 30 Platform platform.Platform 31 HostNetwork bool 32 HostNetworkRawSockets bool 33 HostFilesystem bool 34 ProfileEnable bool 35 NVProxy bool 36 TPUProxy bool 37 ControllerFD int 38 } 39 40 // Rules returns the seccomp (rules, denyRules) to use for the Sentry. 41 func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules) { 42 s := allowedSyscalls 43 s.Merge(controlServerFilters(opt.ControllerFD)) 44 45 // Set of additional filters used by -race and -msan. Returns empty 46 // when not enabled. 47 s.Merge(instrumentationFilters()) 48 49 if opt.HostNetwork { 50 if opt.HostNetworkRawSockets { 51 Report("host networking (with raw sockets) enabled: syscall filters less restrictive!") 52 } else { 53 Report("host networking enabled: syscall filters less restrictive!") 54 } 55 s.Merge(hostInetFilters(opt.HostNetworkRawSockets)) 56 } 57 if opt.ProfileEnable { 58 Report("profile enabled: syscall filters less restrictive!") 59 s.Merge(profileFilters()) 60 } 61 if opt.HostFilesystem { 62 Report("host filesystem enabled: syscall filters less restrictive!") 63 s.Merge(hostFilesystemFilters()) 64 } 65 if opt.NVProxy { 66 Report("Nvidia GPU driver proxy enabled: syscall filters less restrictive!") 67 s.Merge(nvproxy.Filters()) 68 } 69 if opt.TPUProxy { 70 Report("TPU device proxy enabled: syscall filters less restrictive!") 71 s.Merge(accel.Filters()) 72 } 73 74 s.Merge(opt.Platform.SyscallFilters()) 75 76 return s, seccomp.DenyNewExecMappings 77 } 78 79 // Install seccomp filters based on the given platform. 80 func Install(opt Options) error { 81 rules, denyRules := Rules(opt) 82 return seccomp.Install(rules, denyRules) 83 } 84 85 // Report writes a warning message to the log. 86 func Report(msg string) { 87 log.Warningf("*** SECCOMP WARNING: %s", msg) 88 }