github.com/MerlinKodo/gvisor@v0.0.0-20231110090155-957f62ecf90e/runsc/boot/filter/filter.go (about)

     1  // Copyright 2018 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package filter defines all syscalls the sandbox is allowed to make
    16  // to the host, and installs seccomp filters to prevent prohibited
    17  // syscalls in case it's compromised.
    18  package filter
    19  
    20  import (
    21  	"github.com/MerlinKodo/gvisor/pkg/log"
    22  	"github.com/MerlinKodo/gvisor/pkg/seccomp"
    23  	"github.com/MerlinKodo/gvisor/pkg/sentry/devices/accel"
    24  	"github.com/MerlinKodo/gvisor/pkg/sentry/devices/nvproxy"
    25  	"github.com/MerlinKodo/gvisor/pkg/sentry/platform"
    26  )
    27  
    28  // Options are seccomp filter related options.
    29  type Options struct {
    30  	Platform              platform.Platform
    31  	HostNetwork           bool
    32  	HostNetworkRawSockets bool
    33  	HostFilesystem        bool
    34  	ProfileEnable         bool
    35  	NVProxy               bool
    36  	TPUProxy              bool
    37  	ControllerFD          int
    38  }
    39  
    40  // Rules returns the seccomp (rules, denyRules) to use for the Sentry.
    41  func Rules(opt Options) (seccomp.SyscallRules, seccomp.SyscallRules) {
    42  	s := allowedSyscalls
    43  	s.Merge(controlServerFilters(opt.ControllerFD))
    44  
    45  	// Set of additional filters used by -race and -msan. Returns empty
    46  	// when not enabled.
    47  	s.Merge(instrumentationFilters())
    48  
    49  	if opt.HostNetwork {
    50  		if opt.HostNetworkRawSockets {
    51  			Report("host networking (with raw sockets) enabled: syscall filters less restrictive!")
    52  		} else {
    53  			Report("host networking enabled: syscall filters less restrictive!")
    54  		}
    55  		s.Merge(hostInetFilters(opt.HostNetworkRawSockets))
    56  	}
    57  	if opt.ProfileEnable {
    58  		Report("profile enabled: syscall filters less restrictive!")
    59  		s.Merge(profileFilters())
    60  	}
    61  	if opt.HostFilesystem {
    62  		Report("host filesystem enabled: syscall filters less restrictive!")
    63  		s.Merge(hostFilesystemFilters())
    64  	}
    65  	if opt.NVProxy {
    66  		Report("Nvidia GPU driver proxy enabled: syscall filters less restrictive!")
    67  		s.Merge(nvproxy.Filters())
    68  	}
    69  	if opt.TPUProxy {
    70  		Report("TPU device proxy enabled: syscall filters less restrictive!")
    71  		s.Merge(accel.Filters())
    72  	}
    73  
    74  	s.Merge(opt.Platform.SyscallFilters())
    75  
    76  	return s, seccomp.DenyNewExecMappings
    77  }
    78  
    79  // Install seccomp filters based on the given platform.
    80  func Install(opt Options) error {
    81  	rules, denyRules := Rules(opt)
    82  	return seccomp.Install(rules, denyRules)
    83  }
    84  
    85  // Report writes a warning message to the log.
    86  func Report(msg string) {
    87  	log.Warningf("*** SECCOMP WARNING: %s", msg)
    88  }