Gracefully blocking clone3 and similar syscalls

[kmk3]

Background

@nutta-git on Oct 5:

Ubisoft connect doesn't work with Lutris's default profile.

@nutta-git on Oct 24:

I think I found the right syscalls for this issue: ptrace,clone3 (and
optionally) process_vm_readv.

I had journalctl -f | grep "kernel" running, looking for syscalls lutris
was using I need to whitelist just ptrace and clone3, journalctl did list
for process_vm_ready when a game was running, but it didn't crash the game.

seccomp !modify_ldt,!clone3,!ptrace,!process_vm_readv

seccomp.32 !modify_ldt

@rusty-snake on Oct 25:

OT: Do we allow clone3 with restrict-namespaces?

To clarify the issue, clone3(2) has the following signature:

long syscall(SYS_clone3, struct clone_args *cl_args, size_t size);

And the namespaces are specified in *cl_args, which means that
restrict-namespaces cannot restrict them because seccomp cannot dereference
pointers.

Relevant firejail code for restrict-namespaces:

#ifdef SYS_clone3
		// cannot inspect clone3 argument because
		// seccomp does not dereference pointers
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_clone3, 0, 1),
		RETURN_ERRNO(ENOSYS), // hint to use clone instead
#endif

Testing

From my testing of how firejail handles clone3:

• seccomp.drop clone3 -> EPERM
• seccomp.drop clone3 + restrict-namespaces -> EPERM
• restrict-namespaces -> ENOSYS

Test code

#include <linux/sched.h>    /* Definition of struct clone_args */
#include <sched.h>          /* Definition of CLONE_* constants */
#include <sys/syscall.h>    /* Definition of SYS_* constants */
#include <stdio.h>
#include <unistd.h>

int main()
{
	struct clone_args args = { .flags = CLONE_NEWUSER };
	pid_t pid = syscall(SYS_clone3, &args, sizeof(struct clone_args));
	if (pid < 0) {
		perror("clone3");
		return 1;
	}

	if (pid != 0) {
		printf("PID: %d\n", pid);
	}

	return 0;
}

$ gcc -Wall -Wextra main.c -o main
$ ./main
PID: 1234
$ firejail --quiet --noprofile --seccomp.drop=clone3 ./main
clone3: Operation not permitted
$ firejail --quiet --noprofile --seccomp.drop=clone3 --restrict-namespaces ./main
clone3: Operation not permitted
$ firejail --quiet --noprofile --restrict-namespaces ./main
clone3: Function not implemented

Proposal

It seems understandable that a given program would treat ENOSYS as clone3 not
existing and then fall back to normal clone and that it would treat EPERM as
clone3 simply failing for whatever reason and considering that an unrecoverable
error.

So I think it would make sense to do the following:

• Allow clone3 where needed
• Make seccomp always return ENOSYS for clone3
• Make seccomp always return ENOSYS for other syscalls in similar situations,
  if any (that is, when it is incompatible with certain options + there is a
  fallback syscall available)

Thoughts?