Commit
configure: Add a flag to disable seccomp.
This is needed for new arches where libseccomp support doesn't exist yet. Fixes #1878.
Showing 4 changed files with 19 additions and 4 deletions.
690ac7c
Disabling seccomp has significant security implications. It's really not optional on Linux.
This broke the setuid tests: https://hydra.nixos.org/eval/1434204
@edolstra I'll take a look at the tests in a bit, but re your first comment what do you recommend people on arches without seccomp do? And if it's not optional why is there a setting to disable it at runtime, and why do we allow nix to build on systems that don't have seccomp at all or something similar?
The motivation for the setting is here: 1dd29d7
Multi-user Nix is insecure on any platform where we can't prevent the creation of setuid/setgid binaries. There is a runtime check for that in build.cc.
@edolstra Should we just extend that runtime check to fail when seccomp is disabled then? Where is the check?
The check is
However, it seems better to change setupSeccomp() to:
So multi-user builds on RISC-V would fail unless filterSyscalls is explicitly set to false.
#1882