Skip to content

Commit

Permalink
Add missing syscalls to i386 seccomp policy (elastic#13008) (elastic#…
Browse files Browse the repository at this point in the history
…13030)

This included fstatat64 which is called by os.Stat() and used in quite a few places around Beats codebase.

Fixes elastic#12990

(cherry picked from commit 33d267d)
  • Loading branch information
adriansr authored Jul 23, 2019
1 parent 02bb487 commit e167d67
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ https://github.com/elastic/beats/compare/v7.2.0...7.2[Check the HEAD diff]

*Affecting all Beats*

- Fix seccomp policy preventing some features to function properly on 32bit Linux systems. {issue}12990[12990] {pull}13008[13008]

*Auditbeat*

*Filebeat*
Expand Down
4 changes: 4 additions & 0 deletions libbeat/common/seccomp/policy_linux_386.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ func init() {
"fdatasync",
"flock",
"fstat64",
"fstatat64",
"fsync",
"ftruncate64",
"futex",
Expand All @@ -61,6 +62,7 @@ func init() {
"getpid",
"getppid",
"getrandom",
"getrlimit",
"getrusage",
"gettid",
"gettimeofday",
Expand All @@ -84,6 +86,7 @@ func init() {
"pipe2",
"poll",
"pread64",
"prlimit64",
"pselect6",
"pwrite64",
"read",
Expand All @@ -106,6 +109,7 @@ func init() {
"setuid32",
"sigaltstack",
"socketcall",
"splice",
"stat",
"stat64",
"statfs64",
Expand Down
44 changes: 44 additions & 0 deletions libbeat/tests/system/test_seccomp.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
import platform
import unittest
from base import BaseTest


def is_version_below(version, target):
t = map(int, target.split('.'))
v = map(int, version.split('.'))
v += [0] * (len(t) - len(v))
for i in range(len(t)):
if v[i] != t[i]:
return v[i] < t[i]
return False


# Require Linux greater or equal than 3.17 and 386/amd64 platform
def is_seccomp_supported():
p = platform.platform().split('-')
if p[0] != 'Linux':
return False
if is_version_below(p[1], '3.17'):
return False
return {'i386', 'i686', 'x86_64', 'amd64'}.intersection(p)


@unittest.skipUnless(is_seccomp_supported(), "Requires Linux 3.17 or greater and i386/amd64 architecture")
class Test(BaseTest):
"""
Test Beat seccomp policy is loaded
"""

def setUp(self):
super(BaseTest, self).setUp()

def test_seccomp_installed(self):
"""
Test seccomp policy is installed
"""
self.render_config_template(
)
proc = self.start_beat(extra_args=["-N"])
self.wait_until(lambda: self.log_contains("Syscall filter successfully installed"))

proc.kill_and_wait()

0 comments on commit e167d67

Please sign in to comment.