From: Eduardo Otubo <otubo@linux.vnet.ibm.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c
Date: Mon, 7 May 2012 09:28:50 -0300	[thread overview]
Message-ID: <20120507122849.GC10516@bluepex.com> (raw)
In-Reply-To: <4FA7AB6D.5020502@redhat.com>

On Mon, May 07, 2012 at 01:01:01PM +0200, Paolo Bonzini wrote:
> Il 04/05/2012 23:59, Andreas Färber ha scritto:
> >> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
> >> > +    {SCMP_SYS(timer_settime), 255},
> > Spaces inside braces please.
> > 
> >> > +    {SCMP_SYS(timer_gettime), 254},
> >> > +    {SCMP_SYS(futex), 253},
> >> > +    {SCMP_SYS(select), 252},
> >> > +    {SCMP_SYS(recvfrom), 251},
> >> > +    {SCMP_SYS(sendto), 250},
> >> > +    {SCMP_SYS(read), 249},
> >> > +    {SCMP_SYS(brk), 248},
> >> > +    {SCMP_SYS(clone), 247},
> >> > +    {SCMP_SYS(mmap), 247},
> >> > +    {SCMP_SYS(mprotect), 246},
> >> > +    {SCMP_SYS(rt_sigprocmask), 245},
> >> > +    {SCMP_SYS(write), 244},
> >> > +    {SCMP_SYS(fcntl), 243},
> >> > +    {SCMP_SYS(tgkill), 242},
> >> > +    {SCMP_SYS(rt_sigaction), 242},
> >> > +    {SCMP_SYS(pipe2), 242},
> >> > +    {SCMP_SYS(munmap), 242},
> >> > +    {SCMP_SYS(mremap), 242},
> >> > +    {SCMP_SYS(getsockname), 242},
> >> > +    {SCMP_SYS(getpeername), 242},
> >> > +    {SCMP_SYS(fdatasync), 242},
> >> > +    {SCMP_SYS(close), 242}
> >> > +};
> >> > +
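Review bot: the second field of every entry is a hard-coded number with nothing in the hunk saying where it comes from, and the ties (clone and mmap both at 247, the last nine all at 242) read as placeholders rather than measured frequencies; a comment on `struct qemu_seccomp_syscall` stating that this field is the priority hint handed to libseccomp and how the values were obtained would make the table reviewable. Separately, a whitelist that kills on anything else has to contain the syscalls the process takes to leave cleanly: rt_sigaction and rt_sigprocmask are listed, but rt_sigreturn, exit and exit_group are not, so returning from a signal handler or ending a thread would trip the filter before any guest workload is reached.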
> 
> At least the following are also used: recvmsg, sendmsg, accept, connect,
> bind, listen, ioctl, fallocate, eventfd.  I don't know if all of them
> have to be included in the list.  Other syscalls are not used but
> probably should be allowed for simplicity, for example poll.

You straced those syscalls from what kind of guest? Can you provide the
frequency they appear on an strace of your example so we can set the
priority? No need for any fancy report, just some greps and wcs on the
strace output should be just fine.

> 
> For ioctl, we may want to refine the white-list depending on the
> argument, and perhaps even filter by file descriptor (the KVM ioctls are
> in relatively fast paths, so it would be nice if they were passed with
> fewer BPF ops).
> 
> BTW, please keep this out of vl.c, so that all hairiness can be added as
> appropriate.

I thought it would be overkill to create a new seccomp.[c|h] just for this
purpose. But yes, we can start thinking about that since the features might
grow in the future.

Thanks for the comments,
Regards

-- 
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885 
eotubo@linux.vnet.ibm.com
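The counting that the reply above asks for, nothing fancier than greps and wcs over an strace log, as an added example that is not part of this thread and not QEMU code. It runs over a constructed strace excerpt (a real run would feed it the output of strace -f on a guest), prints each syscall with how often it appears, and, going one step beyond the message, turns that ranking into lines in the `{SCMP_SYS(name), prio}` form of the patch, with the most frequent syscall at 255. The sample lines and the rank-to-priority mapping are this example's own choices.

```shell
#!/bin/sh
# Added example, not QEMU code: rank syscalls by how often they appear in an
# strace log, then print the ranking as a {SCMP_SYS(name), prio} table.

# Constructed strace excerpt (not taken from any real guest run). It mixes the
# plain "name(args) = ret" form, a "[pid N]" prefix as printed by strace -f,
# an unfinished/resumed pair and a signal line, so the filter has to cope
# with each of those.
STRACE_SAMPLE='read(3, "abc", 4096) = 3
futex(0x7f0, FUTEX_WAIT_PRIVATE, 2, NULL) = 0
read(3, "", 4096) = 0
select(4, [3], NULL, NULL, NULL) = 1 (in [3])
futex(0x7f0, FUTEX_WAKE_PRIVATE, 1) = 1
ioctl(9, KVM_RUN, 0) = 0
futex(0x7f0, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...>
<... futex resumed> ) = 0
--- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
ioctl(9, KVM_RUN, 0) = 0
write(1, "x", 1) = 1
[pid  1234] write(1, "y", 1) = 1'

SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$STRACE_SAMPLE" > "$SAMPLE_FILE"

# syscall_counts FILE
# Prints "count name", most frequent first; ties are broken by name so the
# output is stable. Only lines that start with a syscall name are counted:
# "<... resumed>" continuations and "--- SIGxxx ---" lines drop out, and a
# "[pid N]" or bare-pid prefix from strace -f is stripped first.
syscall_counts() {
    sed -E 's/^(\[pid +[0-9]+\] *|[0-9]+ +)//' "$1" \
        | grep -Eo '^[a-z_0-9]+\(' \
        | tr -d '(' \
        | sort \
        | uniq -c \
        | sort -k1,1nr -k2,2 \
        | awk '{ print $1, $2 }'
}

# priority_table FILE
# Turns the ranking into the table form used by the patch: the most frequent
# syscall gets 255, the next 254, and so on, clamped at 0. Deriving the
# number from the measured rank is this example's own choice.
priority_table() {
    syscall_counts "$1" | awk '{
        p = 255 - (NR - 1); if (p < 0) p = 0
        printf "    {SCMP_SYS(%s), %d},\n", $2, p
    }'
}

# Usage: point both functions at the output of, e.g., strace -f -o FILE on a
# guest instead of the constructed sample.
syscall_counts "$SAMPLE_FILE"
priority_table "$SAMPLE_FILE"
```

The stripping step matters more than the counting: strace -f prefixes every line with the pid, and a syscall that blocks shows up once as "unfinished" and once as "resumed", so counting bare lines would double-count futex and select in exactly the hot paths the priorities are meant to favour.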

Thread overview: 13+ messages
2012-05-04 19:08 [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp Eduardo Otubo
2012-05-04 19:08 ` [Qemu-devel] [RFC] [PATCH 1/2] Adding support for libseccomp in configure Eduardo Otubo
2012-05-04 19:08 ` [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c Eduardo Otubo
2012-05-04 21:59   ` Andreas Färber
2012-05-07 11:01     ` Paolo Bonzini
2012-05-07 12:28       ` Eduardo Otubo [this message]
2012-05-07 12:34         ` Paolo Bonzini
2012-05-07 12:16     ` Eduardo Otubo
2012-05-08  9:15 ` [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp Daniel P. Berrange
2012-05-08 11:32   ` Stefano Stabellini
2012-05-08 14:10     ` Corey Bryant
2012-05-08 14:27       ` Daniel P. Berrange
2012-05-08 15:19         ` Corey Bryant
