From: "Daniel P. Berrange" <berrange@redhat.com>
To: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp
Date: Tue, 8 May 2012 10:15:35 +0100 [thread overview]
Message-ID: <20120508091535.GB18762@redhat.com> (raw)
In-Reply-To: <cover.1336143671.git.otubo@linux.vnet.ibm.com>
On Fri, May 04, 2012 at 04:08:36PM -0300, Eduardo Otubo wrote:
> Hello all,
>
> This is the first effort to sandboxing Qemu guests using Libseccomp[0]. The
> patches that follows are pretty simple and straightforward. I added the correct
> options and checks to the configure script and the basic calls to libseccomp in
> the main loop at vl.c. Details of each one are in the emails of the patch set.
>
> This support limits the system call footprint of the entire QEMU process to a
> limited set of syscalls, those that we know QEMU uses. The idea is to limit
> the allowable syscalls, therefore limiting the impact that an attacked guest
> could have on the host system.
What functionality has been lost by applying this seccomp filter ? I've not
looked closely at the code, but it appears as if this blocks pretty much
any kind of runtime device changes. ie no hotplug of any kind will work ?
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2012-05-08 9:15 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-04 19:08 [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp Eduardo Otubo
2012-05-04 19:08 ` [Qemu-devel] [RFC] [PATCH 1/2] Adding support for libseccomp in configure Eduardo Otubo
2012-05-04 19:08 ` [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c Eduardo Otubo
2012-05-04 21:59 ` Andreas Färber
2012-05-07 11:01 ` Paolo Bonzini
2012-05-07 12:28 ` Eduardo Otubo
2012-05-07 12:34 ` Paolo Bonzini
2012-05-07 12:16 ` Eduardo Otubo
2012-05-08 9:15 ` Daniel P. Berrange [this message]
2012-05-08 11:32 ` [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp Stefano Stabellini
2012-05-08 14:10 ` Corey Bryant
2012-05-08 14:27 ` Daniel P. Berrange
2012-05-08 15:19 ` Corey Bryant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120508091535.GB18762@redhat.com \
--to=berrange@redhat.com \
--cc=otubo@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.