User Details
- User Since
- Sep 22 2016, 3:29 PM (396 w, 1 d)
Jul 9 2018
I was asked in private about the current state of libseccomp integration and why there was no progress in a long time.
The current state is that I have implemented seccomp support in kfilemetadata using this API:
bool setProcessReadOnly(uint32_t defaultAction, std::vector<SeccompFilter> addionalWhitelist)
But there are two blockers, related to external plugins:
- External plugins based on interpreters like python/lua/perl etc. need a huge whitelist. This is problematic as I want to keep the list of allowed syscalls as small as possible (the list would be huge). Additionally, it would be difficult to get a list of all needed syscalls. Thus, we would break many external plugins.
- Baloo is basically unmaintained. Thus, if something breaks, fixing it should be as easy as possible. But what if Qt requires a new syscall and thus the tests (and deployments) are failing? We need a way to know which syscall failed. This works for kfilemetadata plugins, but not for external plugins (because they are separate processes). The only way I can imagine would be running the whole test with strace.
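The two points above (a default action plus a small whitelist, and the need to know which syscall a filter rejected) are easier to discuss against a concrete filter. The following is an added example, not kfilemetadata or baloo code and not the setProcessReadOnly() implementation: it builds the same kind of whitelist as a raw seccomp-BPF program using only the kernel UAPI headers (no libseccomp dependency), and answers the "which syscall failed?" question by using SECCOMP_RET_TRAP as the default action with a SIGSYS handler that reports si_syscall. The function names (build_whitelist, evaluate, decide_for, install, on_sigsys) are hypothetical, the target architecture is hard-wired to x86_64, and evaluate() interprets only the three BPF opcodes build_whitelist() emits so the filter's decisions can be checked without installing it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS        /* older UAPI headers only know SECCOMP_RET_KILL */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* Hypothetical helpers (added example, not kfilemetadata's API). Target arch is
 * fixed to x86_64; a mismatching arch is killed outright, never consulted further. */
static struct sock_filter ins(uint16_t code, uint8_t jt, uint8_t jf, uint32_t k)
{
    struct sock_filter f = { code, jt, jf, k };
    return f;
}

/* Emit: load arch, check it, load nr, one JEQ->ALLOW per whitelisted syscall,
 * then fall through to default_action. Returns instruction count, 0 if cap is too small. */
static size_t build_whitelist(struct sock_filter *prog, size_t cap,
                              const int *allowed, size_t n, uint32_t default_action)
{
    if (cap < 5 + 2 * n) return 0;
    size_t i = 0;
    prog[i++] = ins(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, arch));
    prog[i++] = ins(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, AUDIT_ARCH_X86_64);
    prog[i++] = ins(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = ins(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        prog[i++] = ins(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, (uint32_t)allowed[k]);
        prog[i++] = ins(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW);
    }
    prog[i++] = ins(BPF_RET | BPF_K, 0, 0, default_action);
    return i;
}

/* Walk the program as the kernel's classic-BPF interpreter would, for the opcode
 * subset build_whitelist() emits. Returns the SECCOMP_RET_* action for (arch, nr). */
static uint32_t evaluate(const struct sock_filter *prog, size_t n, uint32_t arch, uint32_t nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *f = &prog[pc];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (f->k == offsetof(struct seccomp_data, arch)) ? arch : nr;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:    /* jt/jf are relative to the next instruction */
            pc += (acc == f->k) ? f->jt : f->jf;
            break;
        case BPF_RET | BPF_K:
            return f->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;  /* not reachable for our own programs */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Convenience: build a whitelist and ask what it decides for one syscall. */
static uint32_t decide_for(const int *allowed, size_t n, uint32_t default_action,
                           uint32_t arch, uint32_t nr)
{
    struct sock_filter prog[128];
    size_t len = build_whitelist(prog, 128, allowed, n, default_action);
    return len ? evaluate(prog, len, arch, nr) : 0xFFFFFFFFu;
}

/* Install for the calling thread. Note: prctl() covers this thread only; a process
 * that has already started threads (any Qt app) needs seccomp(2) with
 * SECCOMP_FILTER_FLAG_TSYNC, or the filter must be installed before threads exist. */
static int install(struct sock_filter *prog, size_t n)
{
    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog, 0, 0);
}

/* With SECCOMP_RET_TRAP as default action, the kernel delivers SIGSYS and fills
 * si_syscall with the rejected syscall number: this is the "which syscall failed"
 * information strace would otherwise have to provide. Only async-signal-safe calls. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    char buf[48] = "blocked syscall nr ";
    size_t len = strlen(buf);
    int nr = si->si_syscall;
    char digits[12]; int d = 0;
    do { digits[d++] = (char)('0' + nr % 10); nr /= 10; } while (nr > 0);
    while (d > 0) buf[len++] = digits[--d];
    buf[len++] = '\n';
    (void)write(STDERR_FILENO, buf, len);
    _exit(127);
}

int main(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSYS, &sa, NULL);

    /* Constructed whitelist: just enough for the demo to print and exit. */
    static const int allowed[] = { SYS_read, SYS_write, SYS_exit_group, SYS_rt_sigreturn };
    struct sock_filter prog[64];
    size_t n = build_whitelist(prog, 64, allowed, sizeof allowed / sizeof *allowed, SECCOMP_RET_TRAP);
    if (n == 0 || install(prog, n) != 0) { perror("seccomp"); return 1; }

    const char ok[] = "write() is whitelisted\n";
    (void)write(STDOUT_FILENO, ok, sizeof ok - 1);
    syscall(SYS_getpid);    /* not whitelisted: SIGSYS handler reports the number and exits */
    return 0;
}
```

Run with `cc -std=gnu11 seccomp_demo.c && ./a.out` on an x86_64 Linux host: the write succeeds, the getpid call trips the filter and the handler reports syscall number 39 (getpid on x86_64) before exiting with status 127. For tests you would switch the default action to SECCOMP_RET_KILL_PROCESS as proposed above; keeping SECCOMP_RET_TRAP plus the handler for development builds gives the failing syscall number without strace, at least for in-process plugins.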
Mar 20 2018
I think seccomp would be useful in the baloo_file_temp_extractor too. What API would you suggest? I'm thinking of something like
KFileMetaData::setProcessReadOnly(KFileMetaData::SeccompAction action, QList<KFileMetaData::SeccompFilter> addionalWhitelist)
Feb 24 2018
Sorry for the late reply and the slow process in general. Real life keeps me busy...
If we want to test this, we would need a directory with files for each extractor (kfilemetadata includes such files for its autotests). Then, we should configure seccomp to kill the process if it calls a prohibited syscall. The test should then index all files in the directory. Unfortunately we can't test some things, e.g. the dbus integration and communication with baloo_file. This would need a test which starts the whole extractor as a child process. But I'm not sure if that's feasible. What do you think?
In case the decision goes in favor of the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?
That's possible of course.
Feb 1 2018
So shall this go into master or 17.12? It needs the change in kdepim-runtime to improve things.
Improve user-visible message.
The change improves the current state in case the user doesn't grant the access scopes. Only if the user presses the cancel button, the change in libkgapi is needed. So I think it makes sense in 17.12.
kdepim-runtime RR: D10222
Jan 31 2018
Shall I push it to 17.12?
Push to 17.12?
Jan 29 2018
So, are there any more opinions on the whitelist vs. blacklist topic?
Personally I still prefer the blacklist as I fear regressions in the future, especially because baloo is unmaintained.
Jan 28 2018
Update TODO items.
Thanks for your review.
Fix version.
@cgiboudeaux is it ready to go now?
Jan 20 2018
Unfortunately I can't reproduce the crash (with Qt 5.10.0).
Jan 18 2018
I'm fine with putting a QStringLiteral version into 17.12.
Fix most issues.
Jan 17 2018
Fix style and constify
Jan 13 2018
Remove question in commit message
Jan 5 2018
Fix remaining problems
Just adding my 2 cents: I think the filter should work fine, as SCMP_SYS is explicitly available to support different platforms. If the syscall isn't available, it uses negative pseudo syscall numbers to ignore those syscalls.
Nov 26 2017
Thank you, missed this when renaming the docs.
Fix variable names
Nov 25 2017
Remove apparently unneeded version check
Nov 11 2017
Improve commit message
Nov 9 2017
Thanks for the git hint and the review.
Then we should remove this code too.
Oct 25 2017
Fix commit message.
Oct 24 2017
Adding some devs who worked on kfilemetadata in the past.
Mar 7 2017
When having many devices, the list quickly becomes longer than the available space and you need to scroll, which is difficult because you can't use the scroll wheel for that on most of the applet because of the sliders.
That's an issue in the systray and not in plasma-pa; you can always use it outside of the systray to have a bigger popup.
I've tried disabling the wheel scrolling on sliders (because you can't disable it with QtQuickControls) with various hacks, but I failed. There was a patch to Qt to make it configurable, but it was rejected.
Jan 28 2017
This needs more changes, will upload again if everything works.
Fix method name
Move the file instead of copying it
Oct 25 2016
Thanks for pointing this out, pushed in a separate commit.
Oct 15 2016
Sorry for the noise, I have some problems with Phabricator.