Hi,
I was reading tests/18-sim-basic_whitelist.c.
If I understand it correctly, it does the following:
read
, write
, close
, and rt_sigreturn
syscalls (only if they act on stdin, stdout, stderr).This is not whitelisting, this is blacklisting.
Should the file be renamed? Should all KILL
s and ACCEPT
s be swapped to achieve whitelisting?
It would be nice to have a true whitelisting example, since this is the strongly recommended use of seccomp.
Yes, it should probably be renamed, but to be honest, the name of these isn't very important, the content of the test is what matters.
Enhancement suggestion: It would be nice to _additionally_ have a whitelisting test. Test cases tend to be used by developers as reference or code example. :+1:
I just found a library (not written by me) which had basically the same bug. It meant to do whitelisting with seccomp but actually did blacklisting. I cannot tell whether this was an independent bug or maybe subconsciously induced by this test case.
By the way: do you want me to delete this comment and open a separate issue for this?
Merged in 5e0a33f8f5c086204451041c43010e4ab51b5c6e, thanks @lucab!
Most helpful comment
Merged in 5e0a33f8f5c086204451041c43010e4ab51b5c6e, thanks @lucab!