Allow disabling seccomp and update documentation.

2023-01-30 18:13:11 +01:00 · 2023-01-30 18:13:11 +01:00 · ee5ec83339
commit ee5ec83339
parent 7dafe38c72
3 changed files with 33 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -92,6 +92,9 @@ Pesterchum is a Python script. This means that as long as you have Python instal
     - Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency.
 - (Optional) [certifi] can provide alternative root certificates for TLS certificate validation.
     - Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates.
+ - (Optional) [libseccomp] and its Python bindings on Linux let Pesterchum apply seccomp-bpf restrictions on itself.
+    - Packages on Arch: ``libseccomp python-libseccomp``
+    - Packages on Debian: ``libseccomp2 python-seccomp``
 
 ### WALKTHROUGH

--- a/libseccomp.py
+++ b/libseccomp.py
@ -4,7 +4,7 @@ This prevents the process from using certain system calls, which has some securi
 Since Python and Qt use many calls and are pretty high-level, things are prone to breaking though.
 Certain features like opening links almost always break.

-Uses libseccomp's Python bindings, which aren't available on the pypi.
+Uses libseccomp's Python bindings, which sadly aren't available on PyPi (yet).
 Check your distro's package manager for python-libseccomp (Arch) or python3-seccomp (Debian).

 For info on system calls referencing software that uses seccomp like firejail/flatpak is useful.
@ -29,8 +29,8 @@ def load_seccomp_blacklist():
    if seccomp is None:
        pesterchum_log.warning(
            "Failed to import seccomp, verify you have"
-            " python-libseccomp (Arch) or python3-seccomp (Debian) installed"
-            " and aren't running a pyinstaller build."
+            " python-libseccomp (Arch) or python3-seccomp (Debian) installed."
+            " If this is a pyinstaller/cx_freeze build, it may also be a linking issue."
        )
        return
    # Allows all calls by default.
@ -55,8 +55,8 @@ def load_seccomp_whitelist():
    if seccomp is None:
        pesterchum_log.error(
            "Failed to import seccomp, verify you have"
-            " python-libseccomp (Arch) or python3-seccomp (Debian) installed"
-            " and aren't running a pyinstaller build."
+            " python-libseccomp (Arch) or python3-seccomp (Debian) installed."
+            " If this is a pyinstaller/cx_freeze build, it may also be a linking issue."
        )
        return
    # Violation gives "Operation not permitted".
--- a/pesterchum.py
+++ b/pesterchum.py
@ -110,15 +110,18 @@ parser.add_argument(
    "--nohonk", action="store_true", help="Disables the honk soundeffect 🤡📣"
 )
 if ostools.isLinux():
+    parser.add_argument(
+        "--no-seccomp",
+        action="store_true",
+        help=("Disable seccomp completely. (do this if it causes issues)"),
+    )
    parser.add_argument(
        "--strict-seccomp",
        action="store_true",
        help=(
-            "Restrict the system calls Pesterchum is allowed to make via seccomp."
-            " Has some security benefits, but since Python and Qt use many calls"
-            " and are pretty high-level, things are prone to breaking."
-            " Certain features like opening links always break."
-            " (Requires Linux and libseccomp's Python bindings, not available in frozen builds.)"
+            "Apply a stricter seccomp-bpf filter that only allows required system calls."
+            " This breaks certain features like opening links."
+            " (Requires Linux and libseccomp's Python bindings.)"
        ),
    )

@ -1698,14 +1701,21 @@ class PesterWindow(MovingWindow):

        # Activate seccomp on Linux if enabled
        if ostools.isLinux():
-            try:
-                libseccomp.load_seccomp_blacklist()  # Load blacklist always
-                if "strict-seccomp" in options:
-                    if options["strict-seccomp"]:
-                        libseccomp.load_seccomp_whitelist()  # Load whitelist if enabled
-            except RuntimeError:
-                # We probably tried to interact with a call not available on this kernel.
-                PchumLog.exception("")
+            self.seccomp(options)
+
+    def seccomp(self, options):
+        """Load seccomp-bpf filter depending on arguments passed."""
+        if "no-seccomp" in options:
+            if options["no-seccomp"]:
+                return
+        try:
+            libseccomp.load_seccomp_blacklist()  # Load blacklist filter by default
+            if "strict-seccomp" in options:
+                if options["strict-seccomp"]:
+                    libseccomp.load_seccomp_whitelist()  # Load whitelist filter if enabled
+        except RuntimeError:
+            # We probably tried to interact with a call not available on this kernel.
+            PchumLog.exception("")

    @QtCore.pyqtSlot(QString, QString)
    def updateMsg(self, ver, url):
@ -4598,7 +4608,8 @@ class MainProgram(QtCore.QObject):
            if ostools.isLinux():
                if args.strict_seccomp:
                    options["strict-seccomp"] = True
-
+                if args.no_seccomp:
+                    options["no-seccomp"] = True
        except Exception as e:
            print(e)
            return options