summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--pkg/sentry/fs/inode.go5
-rw-r--r--pkg/sentry/fs/proc/README.md2
-rw-r--r--pkg/sentry/fs/proc/fds.go5
-rw-r--r--pkg/sentry/fs/proc/task.go2
-rw-r--r--pkg/sentry/kernel/auth/user_namespace.go5
-rw-r--r--pkg/sentry/kernel/version.go2
-rw-r--r--pkg/sentry/syscalls/linux/linux64.go21
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go3
-rw-r--r--pkg/sentry/syscalls/linux/sys_thread.go4
9 files changed, 24 insertions, 25 deletions
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 95769ccf8..38b140bd2 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -439,10 +439,7 @@ func (i *Inode) CheckOwnership(ctx context.Context) bool {
// CheckCapability checks whether `ctx` has capability `cp` with respect to
// operations on this Inode.
//
-// Compare Linux's kernel/capability.c:capable_wrt_inode_uidgid(). Note that
-// this function didn't exist in Linux 3.11.10, but was added by upstream
-// 23adbe12ef7d "fs,userns: Change inode_capable to capable_wrt_inode_uidgid"
-// to fix local privilege escalation CVE-2014-4014.
+// Compare Linux's kernel/capability.c:capable_wrt_inode_uidgid().
func (i *Inode) CheckCapability(ctx context.Context, cp linux.Capability) bool {
uattr, err := i.UnstableAttr(ctx)
if err != nil {
diff --git a/pkg/sentry/fs/proc/README.md b/pkg/sentry/fs/proc/README.md
index e1ed88512..686d40f0c 100644
--- a/pkg/sentry/fs/proc/README.md
+++ b/pkg/sentry/fs/proc/README.md
@@ -223,7 +223,7 @@ Number of seconds idle | Always zero
```bash
$ cat /proc/version
-Linux version 3.11.10 #1 SMP Fri Nov 29 10:47:50 PST 2013
+Linux version 4.4 #1 SMP Sun Jan 10 15:06:54 PST 2016
```
## Process-specific data
diff --git a/pkg/sentry/fs/proc/fds.go b/pkg/sentry/fs/proc/fds.go
index 5ebb33703..5acbce75e 100644
--- a/pkg/sentry/fs/proc/fds.go
+++ b/pkg/sentry/fs/proc/fds.go
@@ -173,11 +173,6 @@ func (f *fdDir) Check(ctx context.Context, inode *fs.Inode, req fs.PermMask) boo
if t := kernel.TaskFromContext(ctx); t != nil {
// Allow access if the task trying to access it is in the
// thread group corresponding to this directory.
- //
- // N.B. Technically, in Linux 3.11, this compares what would be
- // the equivalent of task pointers. However, this was fixed
- // later in 54708d2858e7 ("proc: actually make
- // proc_fd_permission() thread-friendly").
if f.t.ThreadGroup() == t.ThreadGroup() {
return true
}
diff --git a/pkg/sentry/fs/proc/task.go b/pkg/sentry/fs/proc/task.go
index 404faea0a..9f13ff91c 100644
--- a/pkg/sentry/fs/proc/task.go
+++ b/pkg/sentry/fs/proc/task.go
@@ -76,7 +76,7 @@ func newTaskDir(t *kernel.Task, msrc *fs.MountSource, pidns *kernel.PIDNamespace
"gid_map": newGIDMap(t, msrc),
// TODO: This is incorrect for /proc/[pid]/task/[tid]/io, i.e. if
// showSubtasks is false:
- // http://lxr.free-electrons.com/source/fs/proc/base.c?v=3.11#L2980
+ // https://elixir.bootlin.com/linux/v4.4/source/fs/proc/base.c#L3154
"io": newIO(t, msrc),
"maps": newMaps(t, msrc),
"mountinfo": seqfile.NewSeqFileInode(t, &mountInfoFile{t: t}, msrc),
diff --git a/pkg/sentry/kernel/auth/user_namespace.go b/pkg/sentry/kernel/auth/user_namespace.go
index 5bb9c44c0..30957bb9a 100644
--- a/pkg/sentry/kernel/auth/user_namespace.go
+++ b/pkg/sentry/kernel/auth/user_namespace.go
@@ -49,10 +49,7 @@ type UserNamespace struct {
gidMapFromParent idMapSet
gidMapToParent idMapSet
- // TODO: Consider supporting disabling setgroups(2), which "was
- // added in Linux 3.19, but was backported to many earlier stable kernel
- // series, because it addresses a security issue" - user_namespaces(7). (It
- // was not backported to 3.11.10, which we are currently imitating.)
+ // TODO: Support disabling setgroups(2).
}
// NewRootUserNamespace returns a UserNamespace that is appropriate for a
diff --git a/pkg/sentry/kernel/version.go b/pkg/sentry/kernel/version.go
index 72bb0f93c..8d2f14209 100644
--- a/pkg/sentry/kernel/version.go
+++ b/pkg/sentry/kernel/version.go
@@ -19,7 +19,7 @@ type Version struct {
// Operating system name (e.g. "Linux").
Sysname string
- // Operating system release (e.g. "3.11.10-amd64").
+ // Operating system release (e.g. "4.4-amd64").
Release string
// Operating system version. On Linux this takes the shape
diff --git a/pkg/sentry/syscalls/linux/linux64.go b/pkg/sentry/syscalls/linux/linux64.go
index 11bf81f88..13084c0ef 100644
--- a/pkg/sentry/syscalls/linux/linux64.go
+++ b/pkg/sentry/syscalls/linux/linux64.go
@@ -32,15 +32,19 @@ import (
const _AUDIT_ARCH_X86_64 = 0xc000003e
// AMD64 is a table of Linux amd64 syscall API with the corresponding syscall
-// numbers from Linux 3.11. The entries commented out are those syscalls we
+// numbers from Linux 4.4. The entries commented out are those syscalls we
// don't currently support.
var AMD64 = &kernel.SyscallTable{
OS: abi.Linux,
Arch: arch.AMD64,
Version: kernel.Version{
+ // Version 4.4 is chosen as a stable, longterm version of Linux, which
+ // guides the interface provided by this syscall table. The build
+ // version is that for a clean build with default kernel config, at 5
+ // minutes after v4.4 was tagged.
Sysname: "Linux",
- Release: "3.11.10",
- Version: "#1 SMP Fri Nov 29 10:47:50 PST 2013",
+ Release: "4.4",
+ Version: "#1 SMP Sun Jan 10 15:06:54 PST 2016",
},
AuditNumber: _AUDIT_ARCH_X86_64,
Table: map[uintptr]kernel.SyscallFn{
@@ -358,9 +362,18 @@ var AMD64 = &kernel.SyscallTable{
// 311: ProcessVmWritev, TODO may require cap_sys_ptrace
312: syscalls.CapError(linux.CAP_SYS_PTRACE), // Kcmp, requires cap_sys_ptrace
313: syscalls.CapError(linux.CAP_SYS_MODULE), // FinitModule, requires cap_sys_module
- // "Backports."
+ // 314: SchedSetattr, TODO, we have no scheduler
+ // 315: SchedGetattr, TODO, we have no scheduler
+ // 316: Renameat2, TODO
317: Seccomp,
318: GetRandom,
+ // 319: MemfdCreate, TODO
+ 320: syscalls.CapError(linux.CAP_SYS_BOOT), // KexecFileLoad, infeasible to support
+ 321: syscalls.CapError(linux.CAP_SYS_ADMIN), // Bpf, requires cap_sys_admin for all commands
+ // 322: Execveat, TODO
+ // 323: Userfaultfd, TODO
+ // 324: Membarrier, TODO
+ 325: syscalls.Error(nil), // Mlock2, TODO
},
Emulate: map[usermem.Addr]uintptr{
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index a70f35be0..89d21dd98 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -1140,9 +1140,6 @@ func mayLinkAt(t *kernel.Task, target *fs.Inode) error {
// always enabled, and thus imposes the following restrictions on hard
// links.
- // Technically Linux is more restrictive in 3.11.10 (requires CAP_FOWNER in
- // root user namespace); this is from the later f2ca379642d7 "namei: permit
- // linking with CAP_FOWNER in userns".
if target.CheckOwnership(t) {
// fs/namei.c:may_linkat: "Source inode owner (or CAP_FOWNER)
// can hardlink all they like."
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 820ca680e..9eed613a1 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -159,8 +159,8 @@ func clone(t *kernel.Task, flags int, stack usermem.Addr, parentTID usermem.Addr
}
// Clone implements linux syscall clone(2).
-// sys_clone has so many flavors. We implement the default one in the
-// current linux 3.11 x86_64:
+// sys_clone has so many flavors. We implement the default one in linux 3.11
+// x86_64:
// sys_clone(clone_flags, newsp, parent_tidptr, child_tidptr, tls_val)
func Clone(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
flags := int(args[0].Int())