Commit
seccomp: block io_uring_* syscalls in default profile
This syncs the seccomp profile with changes made to containerd's default profile in [1]. The original containerd issue and PR mention:

> Security experts generally believe io_uring to be unsafe. In fact Google ChromeOS and Android have turned it off, plus all Google production servers turn it off. Based on the blog published by Google below it seems like a bunch of vulnerabilities related to io_uring can be exploited to break out of the container.
>
> [2]
>
> Other security researchers also hold this opinion: see [3] for a blackhat presentation on io_uring exploits.

For the record, these syscalls were added to the allowlist in [4].

[1]: containerd/containerd@a48ddf4
[2]: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
[3]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Lin-bad_io_uring.pdf
[4]: moby#39415

Signed-off-by: Albin Kerouanton <[email protected]>
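An added check, not part of this commit or of moby's own code, that reads a Docker/containerd-style seccomp profile and reports which io_uring syscalls it would still allow, so a custom profile can be verified against this change. The two embedded profiles are constructed samples rather than the real default.json, and the `includes`/`excludes`/`args` qualifiers of real profiles are ignored.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal view of a Docker/containerd seccomp profile (only the fields needed here).
type seccompProfile struct {
	DefaultAction string `json:"defaultAction"`
	Syscalls      []struct {
		Names  []string `json:"names"`
		Action string   `json:"action"`
	} `json:"syscalls"`
}

// IoUringAllowed returns the io_uring_* syscalls a profile would allow: every
// io_uring_* name listed under an SCMP_ACT_ALLOW rule, or all three io_uring
// syscalls if the default action itself is allow. An empty result means blocked.
func IoUringAllowed(profile []byte) ([]string, error) {
	var p seccompProfile
	if err := json.Unmarshal(profile, &p); err != nil {
		return nil, err
	}
	if p.DefaultAction == "SCMP_ACT_ALLOW" {
		return []string{"io_uring_setup", "io_uring_enter", "io_uring_register"}, nil
	}
	var allowed []string
	for _, rule := range p.Syscalls {
		if rule.Action != "SCMP_ACT_ALLOW" {
			continue
		}
		for _, name := range rule.Names {
			if strings.HasPrefix(name, "io_uring_") {
				allowed = append(allowed, name)
			}
		}
	}
	return allowed, nil
}

// Constructed sample profiles (not Docker's real default.json): the first mirrors
// the pre-change allowlist, the second the behaviour after this commit.
const beforeProfile = `{"defaultAction":"SCMP_ACT_ERRNO","syscalls":[{"names":["read","write","io_uring_setup","io_uring_enter","io_uring_register"],"action":"SCMP_ACT_ALLOW"}]}`
const afterProfile = `{"defaultAction":"SCMP_ACT_ERRNO","syscalls":[{"names":["read","write"],"action":"SCMP_ACT_ALLOW"}]}`

func main() {
	fmt.Println(IoUringAllowed([]byte(beforeProfile))) // three io_uring_* names
	fmt.Println(IoUringAllowed([]byte(afterProfile)))  // empty: blocked by default action
}
```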