@djanatyn
Created October 8, 2022 16:48
systemd-run SystemCallFilter seccomp filtering

running curl with systemd-run

❯ systemd-run --wait --user --pty curl google.com
Running as unit: run-u1627.service
Press ^] three times within 1s to disconnect TTY.
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Finished with result: success
Main processes terminated with: code=exited/status=0
Service runtime: 26ms
CPU time consumed: 4ms

setting SystemCallFilter=@network-io with curl, using seccomp filtering. without a leading ~ the list is an allow-list: only the @network-io syscalls are permitted, and the first syscall outside it kills the process with SIGSYS (status=31/SYS below). here that is access(), issued by ld-linux while loading curl, before main() runs (see the stack trace in the journal)

❯ systemd-run --wait --user --pty --property="SystemCallFilter=@network-io" curl google.com
Running as unit: run-u1628.service
Press ^] three times within 1s to disconnect TTY.
Finished with result: core-dump
Main processes terminated with: code=dumped/status=SYS
Service runtime: 72ms
CPU time consumed: 2ms

journal report

❯ journalctl -S '1m ago'
Oct 08 12:40:17 voidheart systemd[2095]: Started /run/current-system/sw/bin/curl google.com.
Oct 08 12:40:17 voidheart systemd[2095]: Failed to reset TTY ownership/access mode of /dev/pts/24, ignoring: Operation not permit>
Oct 08 12:40:21 voidheart rtkit-daemon[4001]: Supervising 18 threads of 13 processes of 1 users.
Oct 08 12:40:21 voidheart rtkit-daemon[4001]: Supervising 18 threads of 13 processes of 1 users.
Oct 08 12:40:35 voidheart systemd[2095]: Started /run/current-system/sw/bin/curl google.com.
Oct 08 12:40:35 voidheart audit[887685]: SECCOMP auid=1000 uid=1000 gid=100 ses=3 subj=kernel pid=887685 comm="curl" exe="/nix/st>
Oct 08 12:40:35 voidheart kernel: audit: type=1326 audit(1665247235.386:101): auid=1000 uid=1000 gid=100 ses=3 subj=kernel pid=88>
Oct 08 12:40:35 voidheart systemd[1]: Started Process Core Dump (PID 887686/UID 0).
Oct 08 12:40:35 voidheart systemd-coredump[887687]: [🡕] Process 887685 (curl) of user 1000 dumped core.
                                                    
                                                    Module linux-vdso.so.1 with build-id 712f4452275d48177d3f0fda1d2d4ef2512c1123
                                                    Module ld-linux-x86-64.so.2 with build-id 1180372711cb8cd25666958e5573b11f5fd>
                                                    Module curl with build-id b850bd19ca86baff2145f7b86cc63fba84e96322
                                                    Stack trace of thread 887685:
                                                    #0  0x00007f1c0fb665db access (ld-linux-x86-64.so.2 + 0x235db)
                                                    #1  0x00007f1c0fb63586 dl_main (ld-linux-x86-64.so.2 + 0x20586)
                                                    #2  0x00007f1c0fb5f966 _dl_sysdep_start (ld-linux-x86-64.so.2 + 0x1c966)
                                                    #3  0x00007f1c0fb61525 _dl_start (ld-linux-x86-64.so.2 + 0x1e525)
                                                    #4  0x00007f1c0fb60308 _start (ld-linux-x86-64.so.2 + 0x1d308)
                                                    ELF object binary architecture: AMD x86-64
Oct 08 12:40:35 voidheart systemd[2095]: run-u1628.service: Main process exited, code=dumped, status=31/SYS
Oct 08 12:40:35 voidheart systemd[2095]: run-u1628.service: Failed with result 'core-dump'.
Oct 08 12:40:35 voidheart systemd[2095]: Failed to reset TTY ownership/access mode of /dev/pts/24, ignoring: Operation not permit>
Oct 08 12:40:35 voidheart systemd[1]: systemd-coredump@11-887686-0.service: Deactivated successfully.
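what the journal above shows, reproduced with a hand-written seccomp-bpf allow-list. This is an added example, not code from the gist or from systemd: the syscall set in `install_filter()` is a small stand-in for @network-io (the real group is larger; `systemd-analyze syscall-filter @network-io` lists it), and `probe()` is a helper written for this demo. It forks a child, installs the filter, then issues a single syscall: `access()`, the call ld-linux dies in above, or `socket()`, which is in the list. With the default violation action the child is killed by SIGSYS (signal 31, the `status=SYS` in the unit result); with the action that `SystemCallErrorNumber=EPERM` configures, the same call instead returns -1 with errno EPERM and the process survives.

```c
/* Added example (not from the gist): reproduce what SystemCallFilter=@network-io
 * does to curl with a hand-written seccomp-bpf allow-list. The ALLOW list below
 * is a small stand-in for @network-io, not systemd's real set. */
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 kernel headers */
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* systemd's default on a violation: SIGSYS and a core dump ... */
#define VIOLATION_KILL  SECCOMP_RET_KILL_PROCESS
/* ... and what SystemCallErrorNumber=EPERM turns it into. */
#define VIOLATION_EPERM (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

#define ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Allow-list filter: every syscall not listed gets `violation`. */
static int install_filter(unsigned int violation)
{
    struct sock_filter code[] = {
        /* refuse foreign ABIs first, so syscall numbers cannot be confused */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_socket), ALLOW(__NR_connect),
        ALLOW(__NR_close),  ALLOW(__NR_exit_group),
        BPF_STMT(BPF_RET | BPF_K, violation),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof code / sizeof code[0]),
        .filter = code,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)   /* required for unprivileged filters */
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, install the filter in the child, then issue one syscall: access()
 * (what ld-linux does in the gist's stack trace) or socket() (allowed).
 * Returns -signal if the child was killed, otherwise its exit status:
 * 0 if the syscall succeeded, its errno if it failed, 70 if the filter
 * could not be installed; -1000 if fork/waitpid themselves failed. */
static int probe(unsigned int violation, int call_access)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);            /* no core file from the demo */
        if (install_filter(violation) != 0)
            _exit(70);
        int rc;
        if (call_access) {
            rc = access("/etc/hosts", R_OK);        /* not in the allow-list */
        } else {
            rc = socket(AF_INET, SOCK_STREAM, 0);   /* in the allow-list */
            if (rc >= 0)
                close(rc);
        }
        _exit(rc < 0 ? errno : 0);                  /* exit_group is allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("kill  + access(): %d (expect %d, i.e. -SIGSYS)\n", probe(VIOLATION_KILL, 1), -SIGSYS);
    printf("kill  + socket(): %d (expect >= 0: not killed)\n", probe(VIOLATION_KILL, 0));
    printf("EPERM + access(): %d (expect %d, i.e. EPERM)\n", probe(VIOLATION_EPERM, 1), EPERM);
    return 0;
}
```

Build with `cc -o seccomp-demo seccomp-demo.c` on Linux and run it; it needs no privileges beyond PR_SET_NO_NEW_PRIVS. On the systemd side the same three outcomes map to: an allow-list that also covers what the loader and libc need (for example `SystemCallFilter=@system-service`, which includes @network-io), the narrow list with `SystemCallErrorNumber=EPERM` so violations fail with an error instead of SIGSYS, or `SystemCallFilter=~@network-io` if the intent was a deny-list that blocks network syscalls rather than permitting only them.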

resources:
