[lxc-devel] [RFC] Seccomp default policies and rules

Purcareata Bogdan b43198 at freescale.com
Thu Mar 12 10:33:28 UTC 2015


Hello,

While playing around with containers and seccomp, I've come up with a 
couple of thoughts, and I would like to hear some official input on these:

1. There's currently no way to set a default rule action - this is set 
to "kill" for blacklist policies, and "allow" for whitelist policies. I 
thought it would be nice to add the possibility to e.g. set the default 
rule action to "errno #" when using a blacklist policy, which can be 
overridden on a per-syscall basis. This implies changing the format of 
the seccomp policy file, what do you think would be the best way to do that?

2. This is not particularly related to lxc/seccomp, but there's 
currently no sanity check of the soundness of the seccomp context. 
Basically meaning that for whitelist policies, the policy action should 
be restrictive (kill, trap, errno) and rule actions should be permissive 
(allow), and vice versa. You can easily shoot yourself in the foot by 
writing something like "blacklist kill" in your seccomp policy file (and 
I did). Albeit libseccomp lets you do this, so it's up to the admin to 
make sure the context is sound, I think some basic checks and warnings 
when setting the actions would be nice (at least for newbies like myself).

Thanks,
Bogdan P.
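
The soundness check proposed in point 2, sketched as an added example (not code from the original message, LXC or libseccomp). The types and the `parse_header` and `check_context` functions are hypothetical names; the header form follows the "blacklist kill" line quoted in the message.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model for this example; not LXC's or libseccomp's types. */
enum ptype { WHITELIST, BLACKLIST };
enum action { ACT_KILL, ACT_TRAP, ACT_ERRNO, ACT_ALLOW };
struct rule { const char *syscall; enum action act; };

static int permissive(enum action a) { return a == ACT_ALLOW; }

/* Parse a header such as "blacklist kill" (the form quoted in the message).
 * Anything after the action name (e.g. an errno value) is ignored here.
 * Returns 0 on success, -1 on an unknown policy type or action name. */
int parse_header(const char *line, enum ptype *t, enum action *a)
{
    static const char *names[] = { "kill", "trap", "errno", "allow" };
    char type[16], act[16];
    if (sscanf(line, "%15s %15s", type, act) != 2)
        return -1;
    if (strcmp(type, "whitelist") == 0) *t = WHITELIST;
    else if (strcmp(type, "blacklist") == 0) *t = BLACKLIST;
    else return -1;
    for (int i = 0; i < 4; i++)
        if (strcmp(act, names[i]) == 0) { *a = (enum action)i; return 0; }
    return -1;
}

/* Warn about, and count, every action that contradicts the policy type:
 * a whitelist wants a restrictive policy action and permissive rules,
 * a blacklist the opposite. */
int check_context(enum ptype t, enum action policy, const struct rule *r, int n)
{
    const char *name = t == WHITELIST ? "whitelist" : "blacklist";
    int rules_permissive = (t == WHITELIST), warnings = 0;
    if (permissive(policy) == rules_permissive) {
        fprintf(stderr, "warning: policy action is unsound for a %s\n", name);
        warnings++;
    }
    for (int i = 0; i < n; i++)
        if (permissive(r[i].act) != rules_permissive) {
            fprintf(stderr, "warning: rule '%s' is unsound for a %s\n", r[i].syscall, name);
            warnings++;
        }
    return warnings;
}

int main(void)
{
    enum ptype t; enum action a; /* constructed input: the message's "blacklist kill" */
    return parse_header("blacklist kill", &t, &a) ? 2 : check_context(t, a, NULL, 0) > 0;
}
```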

