@sysid/sandbox-runtime-improved 0.0.56-sysid.1 → 0.0.64-sysid.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (129) hide show
  1. package/README.md +106 -4
  2. package/dist/cli.js +12 -18
  3. package/dist/cli.js.map +1 -1
  4. package/dist/index.d.ts +5 -5
  5. package/dist/index.d.ts.map +1 -1
  6. package/dist/index.js +2 -2
  7. package/dist/index.js.map +1 -1
  8. package/dist/sandbox/credential-mask-files.d.ts +157 -0
  9. package/dist/sandbox/credential-mask-files.d.ts.map +1 -0
  10. package/dist/sandbox/credential-mask-files.js +298 -0
  11. package/dist/sandbox/credential-mask-files.js.map +1 -0
  12. package/dist/sandbox/credential-sentinel.d.ts +72 -0
  13. package/dist/sandbox/credential-sentinel.d.ts.map +1 -0
  14. package/dist/sandbox/credential-sentinel.js +130 -0
  15. package/dist/sandbox/credential-sentinel.js.map +1 -0
  16. package/dist/sandbox/domain-pattern.d.ts +36 -0
  17. package/dist/sandbox/domain-pattern.d.ts.map +1 -0
  18. package/dist/sandbox/domain-pattern.js +60 -0
  19. package/dist/sandbox/domain-pattern.js.map +1 -0
  20. package/dist/sandbox/http-proxy.d.ts +33 -2
  21. package/dist/sandbox/http-proxy.d.ts.map +1 -1
  22. package/dist/sandbox/http-proxy.js +30 -2
  23. package/dist/sandbox/http-proxy.js.map +1 -1
  24. package/dist/sandbox/linux-sandbox-utils.d.ts +20 -0
  25. package/dist/sandbox/linux-sandbox-utils.d.ts.map +1 -1
  26. package/dist/sandbox/linux-sandbox-utils.js +134 -65
  27. package/dist/sandbox/linux-sandbox-utils.js.map +1 -1
  28. package/dist/sandbox/linux-violation-monitor.d.ts +48 -0
  29. package/dist/sandbox/linux-violation-monitor.d.ts.map +1 -0
  30. package/dist/sandbox/linux-violation-monitor.js +156 -0
  31. package/dist/sandbox/linux-violation-monitor.js.map +1 -0
  32. package/dist/sandbox/listen-in-range.d.ts +12 -0
  33. package/dist/sandbox/listen-in-range.d.ts.map +1 -0
  34. package/dist/sandbox/listen-in-range.js +43 -0
  35. package/dist/sandbox/listen-in-range.js.map +1 -0
  36. package/dist/sandbox/macos-sandbox-utils.d.ts +11 -0
  37. package/dist/sandbox/macos-sandbox-utils.d.ts.map +1 -1
  38. package/dist/sandbox/macos-sandbox-utils.js +72 -17
  39. package/dist/sandbox/macos-sandbox-utils.js.map +1 -1
  40. package/dist/sandbox/mitm-ca.d.ts +69 -2
  41. package/dist/sandbox/mitm-ca.d.ts.map +1 -1
  42. package/dist/sandbox/mitm-ca.js +188 -16
  43. package/dist/sandbox/mitm-ca.js.map +1 -1
  44. package/dist/sandbox/mitm-leaf.d.ts +1 -1
  45. package/dist/sandbox/mitm-leaf.d.ts.map +1 -1
  46. package/dist/sandbox/mitm-leaf.js +26 -19
  47. package/dist/sandbox/mitm-leaf.js.map +1 -1
  48. package/dist/sandbox/mux-proxy.d.ts +59 -0
  49. package/dist/sandbox/mux-proxy.d.ts.map +1 -0
  50. package/dist/sandbox/mux-proxy.js +159 -0
  51. package/dist/sandbox/mux-proxy.js.map +1 -0
  52. package/dist/sandbox/request-filter.d.ts +11 -1
  53. package/dist/sandbox/request-filter.d.ts.map +1 -1
  54. package/dist/sandbox/request-filter.js.map +1 -1
  55. package/dist/sandbox/sandbox-config.d.ts +461 -41
  56. package/dist/sandbox/sandbox-config.d.ts.map +1 -1
  57. package/dist/sandbox/sandbox-config.js +342 -26
  58. package/dist/sandbox/sandbox-config.js.map +1 -1
  59. package/dist/sandbox/sandbox-manager.d.ts +5 -1
  60. package/dist/sandbox/sandbox-manager.d.ts.map +1 -1
  61. package/dist/sandbox/sandbox-manager.js +697 -211
  62. package/dist/sandbox/sandbox-manager.js.map +1 -1
  63. package/dist/sandbox/sandbox-schemas.d.ts +15 -0
  64. package/dist/sandbox/sandbox-schemas.d.ts.map +1 -1
  65. package/dist/sandbox/sandbox-utils.d.ts +55 -6
  66. package/dist/sandbox/sandbox-utils.d.ts.map +1 -1
  67. package/dist/sandbox/sandbox-utils.js +143 -30
  68. package/dist/sandbox/sandbox-utils.js.map +1 -1
  69. package/dist/sandbox/socks-proxy.d.ts +11 -5
  70. package/dist/sandbox/socks-proxy.d.ts.map +1 -1
  71. package/dist/sandbox/socks-proxy.js +13 -81
  72. package/dist/sandbox/socks-proxy.js.map +1 -1
  73. package/dist/sandbox/tls-terminate-proxy.d.ts +2 -2
  74. package/dist/sandbox/tls-terminate-proxy.d.ts.map +1 -1
  75. package/dist/sandbox/tls-terminate-proxy.js +31 -5
  76. package/dist/sandbox/tls-terminate-proxy.js.map +1 -1
  77. package/dist/sandbox/windows-sandbox-utils.d.ts +508 -116
  78. package/dist/sandbox/windows-sandbox-utils.d.ts.map +1 -1
  79. package/dist/sandbox/windows-sandbox-utils.js +721 -209
  80. package/dist/sandbox/windows-sandbox-utils.js.map +1 -1
  81. package/dist/utils/shell-quote.d.ts +27 -0
  82. package/dist/utils/shell-quote.d.ts.map +1 -0
  83. package/dist/utils/shell-quote.js +47 -0
  84. package/dist/utils/shell-quote.js.map +1 -0
  85. package/package.json +7 -6
  86. package/vendor/seccomp/arm64/apply-seccomp +0 -0
  87. package/vendor/seccomp/build.ts +8 -30
  88. package/vendor/seccomp/x64/apply-seccomp +0 -0
  89. package/vendor/srt-win/build.ts +21 -0
  90. package/dist/vendor/seccomp/Dockerfile.build +0 -6
  91. package/dist/vendor/seccomp/arm64/apply-seccomp +0 -0
  92. package/dist/vendor/seccomp/build.ts +0 -91
  93. package/dist/vendor/seccomp/x64/apply-seccomp +0 -0
  94. package/dist/vendor/seccomp-src/apply-seccomp.c +0 -280
  95. package/dist/vendor/seccomp-src/seccomp-unix-block.c +0 -148
  96. package/dist/vendor/srt-win/Cargo.lock +0 -361
  97. package/dist/vendor/srt-win/Cargo.toml +0 -46
  98. package/dist/vendor/srt-win/ci/cleanup.ps1 +0 -49
  99. package/dist/vendor/srt-win/ci/smoke-exec.ps1 +0 -446
  100. package/dist/vendor/srt-win/ci/smoke.ps1 +0 -307
  101. package/dist/vendor/srt-win/src/job.rs +0 -102
  102. package/dist/vendor/srt-win/src/launch.rs +0 -732
  103. package/dist/vendor/srt-win/src/lib.rs +0 -20
  104. package/dist/vendor/srt-win/src/main.rs +0 -669
  105. package/dist/vendor/srt-win/src/self_protect.rs +0 -169
  106. package/dist/vendor/srt-win/src/sid.rs +0 -296
  107. package/dist/vendor/srt-win/src/token.rs +0 -341
  108. package/dist/vendor/srt-win/src/util.rs +0 -42
  109. package/dist/vendor/srt-win/src/wfp.rs +0 -992
  110. package/dist/vendor/srt-win/src/winsta.rs +0 -209
  111. package/dist/vendor/srt-win/tests/sd_access_check_matrix.rs +0 -259
  112. package/vendor/seccomp-src/apply-seccomp.c +0 -280
  113. package/vendor/seccomp-src/seccomp-unix-block.c +0 -148
  114. package/vendor/srt-win/Cargo.lock +0 -361
  115. package/vendor/srt-win/Cargo.toml +0 -46
  116. package/vendor/srt-win/ci/cleanup.ps1 +0 -49
  117. package/vendor/srt-win/ci/smoke-exec.ps1 +0 -446
  118. package/vendor/srt-win/ci/smoke.ps1 +0 -307
  119. package/vendor/srt-win/src/job.rs +0 -102
  120. package/vendor/srt-win/src/launch.rs +0 -732
  121. package/vendor/srt-win/src/lib.rs +0 -20
  122. package/vendor/srt-win/src/main.rs +0 -669
  123. package/vendor/srt-win/src/self_protect.rs +0 -169
  124. package/vendor/srt-win/src/sid.rs +0 -296
  125. package/vendor/srt-win/src/token.rs +0 -341
  126. package/vendor/srt-win/src/util.rs +0 -42
  127. package/vendor/srt-win/src/wfp.rs +0 -992
  128. package/vendor/srt-win/src/winsta.rs +0 -209
  129. package/vendor/srt-win/tests/sd_access_check_matrix.rs +0 -259
@@ -1,280 +0,0 @@
1
- /*
2
- * apply-seccomp.c - Apply seccomp BPF filter in an isolated PID namespace
3
- *
4
- * Usage: apply-seccomp <command> [args...]
5
- *
6
- * This program applies a baked-in seccomp BPF filter, isolates the
7
- * target command in a nested user+PID+mount namespace so it cannot see or
8
- * ptrace any process that lacks the filter, applies the filter with
9
- * prctl(PR_SET_SECCOMP), and execs the command.
10
- *
11
- * Process layout inside the outer bwrap sandbox:
12
- *
13
- * bwrap init (PID 1) <- outer PID ns, no seccomp
14
- * \_ bash / socat ... <- outer PID ns, no seccomp
15
- * \_ apply-seccomp [outer] <- outer PID ns, waits for inner init
16
- * ================================================= PID ns boundary
17
- * \_ apply-seccomp [inner init] <- inner PID 1, PR_SET_DUMPABLE=0
18
- * \_ user command <- inner PID 2, seccomp applied
19
- *
20
- * From the user command's point of view /proc contains only its own process
21
- * tree. The bwrap init, bash wrapper, and socat helpers are not addressable,
22
- * so they cannot be ptraced or patched via /proc/N/mem even on systems with
23
- * kernel.yama.ptrace_scope=0. The inner init (PID 1) sets PR_SET_DUMPABLE=0
24
- * so it cannot be ptraced either.
25
- *
26
- * Any failure to set up the nested namespaces aborts with a non-zero exit
27
- * status; we never fall back to running the command without isolation.
28
- *
29
- * Compile: gcc -static -O2 -o apply-seccomp apply-seccomp.c
30
- */
31
-
32
- #define _GNU_SOURCE
33
- #include <stdio.h>
34
- #include <stdlib.h>
35
- #include <stdarg.h>
36
- #include <string.h>
37
- #include <unistd.h>
38
- #include <fcntl.h>
39
- #include <errno.h>
40
- #include <sched.h>
41
- #include <signal.h>
42
- #include <sys/prctl.h>
43
- #include <sys/wait.h>
44
- #include <sys/mount.h>
45
- #include <linux/seccomp.h>
46
- #include <linux/filter.h>
47
-
48
- #include "unix-block-bpf.h"
49
-
50
- #ifndef PR_SET_NO_NEW_PRIVS
51
- #define PR_SET_NO_NEW_PRIVS 38
52
- #endif
53
-
54
- #ifndef PR_CAP_AMBIENT
55
- #define PR_CAP_AMBIENT 47
56
- #define PR_CAP_AMBIENT_CLEAR_ALL 4
57
- #endif
58
-
59
- #ifndef SECCOMP_MODE_FILTER
60
- #define SECCOMP_MODE_FILTER 2
61
- #endif
62
-
63
- static void die(const char *msg) {
64
- perror(msg);
65
- _exit(1);
66
- }
67
-
68
- static int write_file(const char *path, const char *fmt, ...) {
69
- char buf[256];
70
- va_list ap;
71
- va_start(ap, fmt);
72
- int len = vsnprintf(buf, sizeof(buf), fmt, ap);
73
- va_end(ap);
74
- if (len < 0 || (size_t)len >= sizeof(buf)) {
75
- errno = EOVERFLOW;
76
- return -1;
77
- }
78
-
79
- int fd = open(path, O_WRONLY);
80
- if (fd < 0) {
81
- return -1;
82
- }
83
- ssize_t r = write(fd, buf, (size_t)len);
84
- int saved = errno;
85
- close(fd);
86
- if (r != len) {
87
- errno = (r < 0) ? saved : EIO;
88
- return -1;
89
- }
90
- return 0;
91
- }
92
-
93
- /* PID the current process forwards signals to. Used by both the outer stub
94
- * (forwards to inner init) and the inner init (forwards to the worker).
95
- * PID 1 ignores signals it has no handler for, so the inner init MUST install
96
- * these or SIGTERM from the outside is silently dropped. */
97
- static volatile pid_t forward_target = -1;
98
-
99
- static void forward_signal(int sig) {
100
- if (forward_target > 0) {
101
- kill(forward_target, sig);
102
- }
103
- }
104
-
105
- static void install_forwarders(pid_t target) {
106
- forward_target = target;
107
- struct sigaction sa = { .sa_handler = forward_signal };
108
- sigemptyset(&sa.sa_mask);
109
- sigaction(SIGTERM, &sa, NULL);
110
- sigaction(SIGINT, &sa, NULL);
111
- sigaction(SIGHUP, &sa, NULL);
112
- sigaction(SIGQUIT, &sa, NULL);
113
- sigaction(SIGUSR1, &sa, NULL);
114
- sigaction(SIGUSR2, &sa, NULL);
115
- }
116
-
117
- /*
118
- * Wait for `main_child`, reaping any other children that exit first.
119
- * Returns as soon as `main_child` terminates — the caller then _exit()s,
120
- * which as PID 1 tears down the namespace and SIGKILLs any stragglers.
121
- * Returns an exit(3)-style status: exit code, or 128+signal.
122
- */
123
- static int reap_until(pid_t main_child) {
124
- int status = 0;
125
- for (;;) {
126
- pid_t r = waitpid(-1, &status, 0);
127
- if (r < 0) {
128
- if (errno == EINTR) {
129
- continue;
130
- }
131
- return 1; /* ECHILD without seeing main_child — shouldn't happen. */
132
- }
133
- if (r == main_child) {
134
- if (WIFEXITED(status)) {
135
- return WEXITSTATUS(status);
136
- }
137
- if (WIFSIGNALED(status)) {
138
- return 128 + WTERMSIG(status);
139
- }
140
- return 1;
141
- }
142
- /* Reaped an orphan that died before main_child; keep waiting. */
143
- }
144
- }
145
-
146
- int main(int argc, char *argv[]) {
147
- if (argc < 2) {
148
- fprintf(stderr, "Usage: %s <command> [args...]\n", argv[0]);
149
- return 1;
150
- }
151
-
152
- char **command_argv = &argv[1];
153
-
154
- _Static_assert(sizeof(unix_block_bpf) % sizeof(struct sock_filter) == 0,
155
- "BPF filter size must be a multiple of sock_filter");
156
- struct sock_fprog prog = {
157
- .len = (unsigned short)(sizeof(unix_block_bpf) / sizeof(struct sock_filter)),
158
- .filter = (struct sock_filter *)unix_block_bpf,
159
- };
160
-
161
- /* ---- New PID + mount namespaces. Children (not us) enter the PID ns. ----
162
- *
163
- * Two paths to get CAP_SYS_ADMIN for the unshare:
164
- * (a) The caller (bwrap) kept CAP_SYS_ADMIN in this user namespace via
165
- * --cap-add. Just unshare directly.
166
- * (b) We don't have the cap. Create a nested user namespace to get it,
167
- * map uid/gid, then unshare. This also works when apply-seccomp is
168
- * run standalone outside bwrap.
169
- *
170
- * Path (a) is tried first. If the caller didn't give us the cap, the
171
- * kernel returns EPERM and we fall through to (b). Path (b) can itself
172
- * fail on hosts where unprivileged user namespaces are gated by an LSM
173
- * (Ubuntu 24.04's AppArmor restriction, for example) — the unshare
174
- * succeeds but the new namespace grants no capabilities, so the setgroups
175
- * write fails. In that case we abort: the caller must supply CAP_SYS_ADMIN.
176
- */
177
- if (unshare(CLONE_NEWPID | CLONE_NEWNS) < 0) {
178
- if (errno != EPERM) {
179
- die("apply-seccomp: unshare(CLONE_NEWPID|CLONE_NEWNS)");
180
- }
181
-
182
- uid_t uid = geteuid();
183
- gid_t gid = getegid();
184
-
185
- if (unshare(CLONE_NEWUSER) < 0) {
186
- die("apply-seccomp: unshare(CLONE_NEWUSER)");
187
- }
188
- if (write_file("/proc/self/setgroups", "deny") < 0) {
189
- die("apply-seccomp: write /proc/self/setgroups "
190
- "(nested userns is capability-restricted; "
191
- "caller must provide CAP_SYS_ADMIN)");
192
- }
193
- if (write_file("/proc/self/uid_map", "%u %u 1\n", uid, uid) < 0) {
194
- die("apply-seccomp: write /proc/self/uid_map");
195
- }
196
- if (write_file("/proc/self/gid_map", "%u %u 1\n", gid, gid) < 0) {
197
- die("apply-seccomp: write /proc/self/gid_map");
198
- }
199
- if (unshare(CLONE_NEWPID | CLONE_NEWNS) < 0) {
200
- die("apply-seccomp: unshare(CLONE_NEWPID|CLONE_NEWNS) after userns");
201
- }
202
- }
203
-
204
- pid_t child = fork();
205
- if (child < 0) {
206
- die("apply-seccomp: fork");
207
- }
208
-
209
- if (child > 0) {
210
- /* Outer stub: still in bwrap's PID namespace. Forward signals and
211
- * wait so the caller sees the real exit status. */
212
- install_forwarders(child);
213
-
214
- int status;
215
- for (;;) {
216
- pid_t r = waitpid(child, &status, 0);
217
- if (r < 0 && errno == EINTR) continue;
218
- if (r < 0) die("apply-seccomp: waitpid");
219
- break;
220
- }
221
- if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
222
- return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
223
- }
224
-
225
- /* ================================================================
226
- * Inner init — PID 1 in the nested PID namespace.
227
- * ================================================================ */
228
-
229
- /* Block ptrace and /proc/1/mem writes against this process. */
230
- if (prctl(PR_SET_DUMPABLE, 0) < 0) {
231
- die("apply-seccomp: prctl(PR_SET_DUMPABLE)");
232
- }
233
-
234
- /* Don't let our /proc mount propagate anywhere. */
235
- if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) {
236
- die("apply-seccomp: mount(MS_PRIVATE)");
237
- }
238
- /* EPERM here means a masked /proc is underneath (unprivileged Docker)
239
- * and the kernel domination check refused the overmount. The nested
240
- * userns above is the isolation boundary; this remount only hides
241
- * outer PIDs from `ls /proc`. enableWeakerNestedSandbox targets
242
- * exactly this environment. */
243
- if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) < 0
244
- && errno != EPERM) {
245
- die("apply-seccomp: mount(/proc)");
246
- }
247
-
248
- /* bwrap --cap-add places CAP_SYS_ADMIN in the ambient set so it survives
249
- * exec. Clear it now that the mount is done; combined with
250
- * PR_SET_NO_NEW_PRIVS, the worker's execve drops to zero capabilities. */
251
- if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
252
- die("apply-seccomp: prctl(PR_CAP_AMBIENT_CLEAR_ALL)");
253
- }
254
-
255
- /* Fork the real workload so PID 1 can stay as a non-dumpable reaper. */
256
- pid_t worker = fork();
257
- if (worker < 0) {
258
- die("apply-seccomp: fork(worker)");
259
- }
260
-
261
- if (worker > 0) {
262
- /* Inner init: reap everything, exit with the worker's status.
263
- * When PID 1 exits the kernel tears down the whole namespace.
264
- * PID 1 drops signals without handlers, so install forwarders. */
265
- install_forwarders(worker);
266
- _exit(reap_until(worker));
267
- }
268
-
269
- /* ---- Worker (inner PID 2): apply seccomp and exec. ---- */
270
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
271
- die("apply-seccomp: prctl(PR_SET_NO_NEW_PRIVS)");
272
- }
273
- if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) {
274
- die("apply-seccomp: prctl(PR_SET_SECCOMP)");
275
- }
276
-
277
- execvp(command_argv[0], command_argv);
278
- die("apply-seccomp: execvp");
279
- return 1;
280
- }
@@ -1,148 +0,0 @@
1
- /*
2
- * Seccomp BPF filter generator to block Unix domain socket creation
3
- *
4
- * This program generates a seccomp-bpf filter that blocks the socket() syscall
5
- * when called with AF_UNIX as the domain argument. This prevents creation of
6
- * Unix domain sockets while allowing all other socket types (AF_INET, AF_INET6, etc.)
7
- * and all other syscalls.
8
- *
9
- * The filter is exported in a format compatible with bubblewrap's --seccomp flag.
10
- *
11
- * SECURITY LIMITATION - 32-bit x86 (ia32):
12
- * TODO: This filter does NOT block socketcall() syscall, which is a security issue
13
- * on 32-bit x86 systems. On ia32, the socket() syscall doesn't exist - instead,
14
- * all socket operations are multiplexed through socketcall():
15
- * - socketcall(SYS_SOCKET, [AF_UNIX, ...]) - can bypass this filter
16
- * - socketcall(SYS_SOCKETPAIR, [AF_UNIX, ...]) - can bypass this filter
17
- *
18
- * To fix this, we need to add conditional rules that:
19
- * 1. Check if socketcall() exists on the current architecture (32-bit x86 only)
20
- * 2. Block socketcall(SYS_SOCKET, ...) when first arg of sub-call is AF_UNIX
21
- * 3. Block socketcall(SYS_SOCKETPAIR, ...) when first arg of sub-call is AF_UNIX
22
- *
23
- * This requires inspecting the arguments passed to socketcall, which is more
24
- * complex BPF logic. For now, 32-bit x86 is not supported.
25
- *
26
- * Compilation:
27
- * gcc -o seccomp-unix-block seccomp-unix-block.c -lseccomp
28
- *
29
- * Usage:
30
- * ./seccomp-unix-block <output-file> [arch]
31
- *
32
- * If arch is given (x86_64 or aarch64), the filter is generated for that
33
- * architecture instead of the native one. Lets a single-arch builder emit
34
- * filters for both x64 and arm64.
35
- *
36
- * Dependencies:
37
- * - libseccomp (libseccomp-dev package on Debian/Ubuntu)
38
- */
39
-
40
- #include <errno.h>
41
- #include <fcntl.h>
42
- #include <stdio.h>
43
- #include <stdlib.h>
44
- #include <string.h>
45
- #include <unistd.h>
46
- #include <seccomp.h>
47
- #include <sys/socket.h>
48
- #include <sys/stat.h>
49
- #include <sys/types.h>
50
-
51
- int main(int argc, char *argv[]) {
52
- scmp_filter_ctx ctx;
53
- int rc;
54
-
55
- if (argc < 2 || argc > 3) {
56
- fprintf(stderr, "Usage: %s <output-file> [x86_64|aarch64]\n", argv[0]);
57
- return 1;
58
- }
59
-
60
- const char *output_file = argv[1];
61
- const char *arch_name = (argc == 3) ? argv[2] : NULL;
62
-
63
- /* Create seccomp context with default action ALLOW */
64
- ctx = seccomp_init(SCMP_ACT_ALLOW);
65
- if (ctx == NULL) {
66
- fprintf(stderr, "Error: Failed to initialize seccomp context\n");
67
- return 1;
68
- }
69
-
70
- if (arch_name != NULL) {
71
- uint32_t target;
72
- if (strcmp(arch_name, "x86_64") == 0) {
73
- target = SCMP_ARCH_X86_64;
74
- } else if (strcmp(arch_name, "aarch64") == 0) {
75
- target = SCMP_ARCH_AARCH64;
76
- } else {
77
- fprintf(stderr, "Error: Unsupported arch '%s'\n", arch_name);
78
- seccomp_release(ctx);
79
- return 1;
80
- }
81
- if (target != seccomp_arch_native()) {
82
- rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
83
- if (rc == 0) rc = seccomp_arch_add(ctx, target);
84
- if (rc < 0) {
85
- fprintf(stderr, "Error: Failed to set target arch: %s\n", strerror(-rc));
86
- seccomp_release(ctx);
87
- return 1;
88
- }
89
- }
90
- }
91
-
92
- /* Add rule to block socket(AF_UNIX, ...) */
93
- /* socket() syscall signature: int socket(int domain, int type, int protocol) */
94
- /* arg0 = domain (AF_UNIX = 1) */
95
- /* Use SCMP_CMP_MASKED_EQ with a 32-bit mask: the domain argument is a 32-bit
96
- * int, so the kernel ignores the upper 32 bits of the register. A plain
97
- * SCMP_CMP_EQ would compare all 64 bits and miss calls where the upper bits
98
- * are set. */
99
- rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(socket), 1,
100
- SCMP_A0(SCMP_CMP_MASKED_EQ, 0xffffffff, AF_UNIX));
101
- if (rc < 0) {
102
- fprintf(stderr, "Error: Failed to add seccomp rule: %s\n", strerror(-rc));
103
- seccomp_release(ctx);
104
- return 1;
105
- }
106
-
107
- /* Block io_uring entirely. IORING_OP_SOCKET (Linux 5.19+) creates sockets
108
- * in kernel context without going through the socket() syscall, bypassing
109
- * the rule above. seccomp cannot inspect io_uring SQEs (they live in a
110
- * shared-memory ring), so the only safe option is to deny ring creation
111
- * and use. Blocking all three syscalls also covers the case of an
112
- * inherited ring fd. */
113
- int io_uring_calls[] = {
114
- SCMP_SYS(io_uring_setup),
115
- SCMP_SYS(io_uring_enter),
116
- SCMP_SYS(io_uring_register),
117
- };
118
- for (size_t i = 0; i < sizeof(io_uring_calls) / sizeof(io_uring_calls[0]); i++) {
119
- rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), io_uring_calls[i], 0);
120
- if (rc < 0) {
121
- fprintf(stderr, "Error: Failed to add io_uring rule: %s\n", strerror(-rc));
122
- seccomp_release(ctx);
123
- return 1;
124
- }
125
- }
126
-
127
- /* Export the filter to a file */
128
- int fd = open(output_file, O_CREAT | O_WRONLY | O_TRUNC, 0600);
129
- if (fd < 0) {
130
- fprintf(stderr, "Error: Failed to open output file: %s\n", strerror(errno));
131
- seccomp_release(ctx);
132
- return 1;
133
- }
134
-
135
- rc = seccomp_export_bpf(ctx, fd);
136
- if (rc < 0) {
137
- fprintf(stderr, "Error: Failed to export seccomp filter: %s\n", strerror(-rc));
138
- close(fd);
139
- seccomp_release(ctx);
140
- return 1;
141
- }
142
-
143
- /* Clean up */
144
- close(fd);
145
- seccomp_release(ctx);
146
-
147
- return 0;
148
- }