Move tuntap devices opening to before loading the seccomp rules #1

Open
ricarkol opened this issue Jun 24, 2020 · 0 comments
Labels
enhancement New feature or request


ricarkol commented Jun 24, 2020

Move tuntap devices opening to before loading the seccomp rules. This could make the seccomp rules tighter.

The opening happens when doing `/sbin/ifconfig eth0 10.0.0.2 up` from the guest. Here is the full stack:

```
(gdb) bt
#0  tuntap_open (data=0xd01ebed0) at arch/um/os-Linux/drivers/tuntap_user.c:129
#1  0x000000006001ef69 in uml_net_open (dev=0xd01eb800) at arch/um/drivers/net_kern.c:155
#2  0x0000000060220ca7 in __dev_open (dev=0xd01eb800, extack=0x0) at net/core/dev.c:1405
#3  0x0000000060221018 in __dev_change_flags (dev=0xd01eb800, flags=4163, extack=<optimized out>) at net/core/dev.c:7568
#4  0x00000000602210e6 in dev_change_flags (dev=0xd01eb800, flags=<optimized out>, extack=<optimized out>) at net/core/dev.c:7639
#5  0x0000000060291943 in devinet_ioctl (net=<optimized out>, cmd=<optimized out>, ifr=0xd0a9fd30) at net/ipv4/devinet.c:1137
#6  0x0000000060293c97 in inet_ioctl (sock=<optimized out>, cmd=35092, arg=3526097968) at net/ipv4/af_inet.c:957
#7  0x00000000601fefc9 in sock_do_ioctl (net=0x6055e5c0 <init_net>, sock=<optimized out>, cmd=35092, arg=3526097968) at net/socket.c:1038
#8  0x00000000601ff4e0 in sock_ioctl (file=<optimized out>, cmd=35092, arg=<optimized out>) at net/socket.c:1189
#9  0x00000000600bf013 in vfs_ioctl (filp=<optimized out>, cmd=<optimized out>, arg=<optimized out>) at fs/ioctl.c:46
#10 0x00000000600bfb79 in do_vfs_ioctl (filp=0xd0009400, fd=3, cmd=<optimized out>, arg=<optimized out>) at fs/ioctl.c:698
#11 0x00000000600bfcad in ksys_ioctl (fd=3, cmd=35092, arg=3526097968) at fs/ioctl.c:713
#12 0x00000000600bfce6 in __do_sys_ioctl (arg=<optimized out>, cmd=<optimized out>, fd=<optimized out>) at fs/ioctl.c:720
#13 __se_sys_ioctl (fd=<optimized out>, cmd=<optimized out>, arg=<optimized out>) at fs/ioctl.c:718
#14 0x000000006002c3d6 in do_syscall_64 (regs=0xd0bfcad8) at arch/x86/um/do_syscall_64.c:32
#15 0x000000006002b92f in __kernel_vsyscall () at arch/x86/um/entry_64.S:70
#16 0x0000000000000000 in ?? ()
```
@ricarkol ricarkol changed the title Move tuntap devices opening to before loading the seccomp rules. Move tuntap devices opening to before loading the seccomp rules Jun 26, 2020
@ricarkol ricarkol added the enhancement New feature or request label Jun 26, 2020