Features/Syscall Filters

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
m (Documentation)
(Scope)
Line 26: Line 26:
  
 
== Scope ==
 
== Scope ==
* Get seccomp into upstream kernel (currently queued for 3.5): DONE
+
* Get seccomp into upstream kernel: DONE, present in 3.5-rc1
* Package libseccomp for Fedora (not done)
+
* Package libseccomp for Fedora: IN PROGRESS (waiting on review), [https://bugzilla.redhat.com/show_bug.cgi?id=830992 BZ 830992]
 
+
* Get the QEMU/libseccomp patch accepted upstream: IN PROGRESS (v2 patch posted on June 13th by IBM)
For a demo application at least QEMU should be using syscall filtering by F18, so:
+
* Update Fedora QEMU package to build against libseccomp: NOT DONE
* Patch upstream QEMU to use libseccomp for syscall filtering (in progress)
+
* Build QEMU in fedora against libseccomp to auto enable syscall filtering (not done)
+
  
 
== How To Test ==
 
== How To Test ==

Revision as of 20:54, 15 June 2012


Contents

Syscall Filters

Summary

Syscall filtering is a security mechanism that allows applications to define which syscalls they should be allowed to execute.

Owner

  • Name: Cole Robinson
  • Email: crobinso@redhat.com
  • Name: Paul Moore
  • Email: pmoore@redhat.com

Current status

  • Targeted release: Fedora 18
  • Last updated: June 6 2012
  • Percentage of completion: 40%

Detailed Description

Benefit to Fedora

Improved security for applications that use syscall filtering.

Scope

  • Get seccomp into upstream kernel: DONE, present in 3.5-rc1
  • Package libseccomp for Fedora: IN PROGRESS (waiting on review), BZ 830992
  • Get the QEMU/libseccomp patch accepted upstream: IN PROGRESS (v2 patch posted on June 13th by IBM)
  • Update Fedora QEMU package to build against libseccomp: NOT DONE

How To Test

TBD

User Experience

Ideally this feature shouldn't be noticeable to the user, the syscall filtering should allow normal execution of the application. Intention is that only people trying to exploit security holes notice that the syscall they are trying to use is blocked :)

Dependencies

  • Kernel updated to 3.5
  • libseccomp packaged
  • QEMU updated to 1.2

Any other apps that want to use this functionality need the the first two bits.

Contingency Plan

Since this is brand new functionality, if it doesn't make it in time for F18, nothing has changed. We just drop this feature page.

Documentation

Release Notes

Comments and Discussion