From: "Daniel P. Berrange" <berrange@redhat.com>
To: Thomas Huth <thuth@redhat.com>,
qemu-devel@nongnu.org, pbonzini@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist
Date: Fri, 11 Aug 2017 11:10:35 +0100 [thread overview]
Message-ID: <20170811101035.GH2554@redhat.com> (raw)
In-Reply-To: <20170811095112.GB11001@vader>
On Fri, Aug 11, 2017 at 11:51:12AM +0200, Eduardo Otubo wrote:
> On Thu, Aug 03, 2017 at 06:54:15PM +0200, Thomas Huth wrote:
> > On 28.07.2017 14:10, Eduardo Otubo wrote:
> > > This patch changes the default behavior of the seccomp filter from
> > > whitelist to blacklist. By default now all system calls are allowed and
> > > a small black list of definitely forbidden ones was created.
> > >
> > > Signed-off-by: Eduardo Otubo <otubo@redhat.com>
> > > ---
> > > qemu-seccomp.c | 256 +++++++--------------------------------------------------
> > > vl.c | 5 +-
> > > 2 files changed, 32 insertions(+), 229 deletions(-)
> > >
> > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > > index df75d9c471..f8877b07b5 100644
> > > --- a/qemu-seccomp.c
> > > +++ b/qemu-seccomp.c
> > > @@ -31,229 +31,29 @@ struct QemuSeccompSyscall {
> > > uint8_t priority;
> > > };
> > [...]
> > > +static const struct QemuSeccompSyscall blacklist[] = {
> > > + { SCMP_SYS(reboot), 255 },
> > > + { SCMP_SYS(swapon), 255 },
> > > + { SCMP_SYS(swapoff), 255 },
> > > + { SCMP_SYS(syslog), 255 },
> > > + { SCMP_SYS(mount), 255 },
> > > + { SCMP_SYS(umount), 255 },
> > > + { SCMP_SYS(kexec_load), 255 },
> > > + { SCMP_SYS(afs_syscall), 255 },
> > > + { SCMP_SYS(break), 255 },
> > > + { SCMP_SYS(ftime), 255 },
> > > + { SCMP_SYS(getpmsg), 255 },
> > > + { SCMP_SYS(gtty), 255 },
> > > + { SCMP_SYS(lock), 255 },
> > > + { SCMP_SYS(mpx), 255 },
> > > + { SCMP_SYS(prof), 255 },
> > > + { SCMP_SYS(profil), 255 },
> > > + { SCMP_SYS(putpmsg), 255 },
> > > + { SCMP_SYS(security), 255 },
> > > + { SCMP_SYS(stty), 255 },
> > > + { SCMP_SYS(tuxcall), 255 },
> > > + { SCMP_SYS(ulimit), 255 },
> > > + { SCMP_SYS(vserver), 255 },
> > > };
> >
> > Does it makes sense to still keep the priority field? Everything is now
> > marked with the value 255 and I currently fail to see the point of
> > priorities when using blacklisting ... so maybe just get rid of it?
>
> I think that's a fair point here. Don't see much of a point on such a
> small number of syscalls. I just need to double check the libseccomp
> docs if I can build the list without any priority information, but I'm
> pretty sure I've seen this before.
Just always pass 255 to libseccomp apis directly. Its merely redundant
to store the value 255 in this QEMU specific struct.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2017-08-11 10:10 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-28 12:10 [Qemu-devel] [PATCH v3 0/6] seccomp: feature refactoring Eduardo Otubo
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist Eduardo Otubo
2017-08-02 12:25 ` Daniel P. Berrange
2017-08-03 16:54 ` Thomas Huth
2017-08-11 9:51 ` Eduardo Otubo
2017-08-11 10:10 ` Daniel P. Berrange [this message]
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 2/6] seccomp: add obsolete argument to command line Eduardo Otubo
2017-08-02 12:33 ` Daniel P. Berrange
2017-08-02 12:38 ` Daniel P. Berrange
2017-08-11 9:12 ` Eduardo Otubo
2017-08-11 9:25 ` Daniel P. Berrange
2017-08-11 9:49 ` Eduardo Otubo
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 3/6] seccomp: add elevateprivileges " Eduardo Otubo
2017-08-02 12:37 ` Daniel P. Berrange
2017-08-03 16:59 ` Thomas Huth
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 4/6] seccomp: add spawn " Eduardo Otubo
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 5/6] seccomp: add resourcecontrol " Eduardo Otubo
2017-07-28 12:10 ` [Qemu-devel] [PATCH v3 6/6] seccomp: adding documentation to new seccomp model Eduardo Otubo
2017-08-02 12:39 ` Daniel P. Berrange
2017-08-03 17:14 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170811101035.GH2554@redhat.com \
--to=berrange@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.