From: Paul Moore <pmoore@redhat.com>
To: Serge Hallyn <serge.hallyn@canonical.com>
Cc: "Stefan Hajnoczi" <stefanha@gmail.com>,
	"Corey Bryant" <coreyb@linux.vnet.ibm.com>,
	"Michael Halcrow" <mhalcrow@google.com>,
	qemu-devel@nongnu.org, "Eric Paris" <eparis@redhat.com>,
	"Ashley D Lai" <adlai@us.ibm.com>, "Avi Kivity" <avi@redhat.com>,
	"Richa Marwaha" <rmarwah@us.ibm.com>,
	"Amit Shah" <amit.shah@redhat.com>,
	"Radim Krčmář" <radimkrcmar@hpx.cz>,
	"Eduardo Terrell Ferrari Otubo" <eotubo@br.ibm.com>,
	"Lee Terrell" <lterrell@us.ibm.com>,
	"George Wilson" <gcwilson@us.ibm.com>
Subject: Re: [Qemu-devel] [RFC] Device sandboxing
Date: Thu, 15 Dec 2011 10:35:16 -0500
Message-ID: <3013046.5WrR1YBbPs@sifl>
In-Reply-To: <20111215151411.GB3287@sergelap>

On Thursday, December 15, 2011 09:14:11 AM Serge Hallyn wrote:
> Quoting Corey Bryant (coreyb@linux.vnet.ibm.com):
> > On 12/14/2011 06:56 PM, Paul Moore wrote:
> > >On Wednesday, December 14, 2011 11:15:58 AM Serge E. Hallyn wrote:
> > >>Hey Paul,
> > >>
> > >>just wondering, exactly which approach(es) are you prototyping?  Are
> > >>you touching seccomp2?
> > >
> > >The decomposed approach as I felt (well, still do for that matter)
> > >that the enhanced seccomp stuff could be put to even better use in a
> > >decomposed mode of operation.
> > >
> > >However, earlier this week those of us involved in this effort were
> > >strongly discouraged (this probably isn't the best term to use, but
> > >there is a reason I'm a programmer and not an English student) from
> > >pursuing the decomposed prototype further so work on it has dropped
> > >off considerably.
> > >
> > >I still think it is worth pursuing, if for no other reason than to
> > >answer questions that right now we can only answer with educated
> > >guesses, but it is no longer my main focus.  If anyone else is
> > >interested in this feel free to drop me some email and I can bring
> > >you up to speed on the current status.
>
> Thanks, Paul.  I don't know for sure that I'll have time, but I'd
> definitely be interested in anything you have about current status
> of that approach.  On my own I would've pursued the seccomp2 way
> if only because I'll be doing the same for lxc, but if no one else
> is following up on decomposition I might take a look over break.
> And as you say, if the design ends up being maintainable and with
> acceptable performance overhead, I have no doubt it would be well
> merged with seccomp2.

The current status of the prototype is that it is still largely incomplete; 
most of the "how do I do this?" work is done, now it is just a matter of 
coding.

I *think* I've identified all the function calls that the e1000 device
emulation makes into the core QEMU code as well as a good spot for forking;
most of the implementation is blank (lots of empty function bodies).  About
the only part of the implementation that currently has any substance to it is
the pipe-based message passing and the code trickery that allows us to go from
straight function calls to RPC/IPC.  Neither has been tested yet, and the
former isn't as elegant as I would like, but at least they all compile cleanly
... ;)

As I said earlier, I still plan to allocate some time to working on this, but 
much less than before.  I'll drop you another email, offlist, and if you've 
got some interest/time in helping out you're more than welcome to join in.

-- 
paul moore
virtualization @ redhat
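
An added illustration, not code from this message or from the QEMU prototype it describes: a minimal C sketch of the decomposed pattern mentioned above, in which a forked device process makes what looks like an ordinary function call into the core, and a stub marshals it over a pipe. The names `rpc_msg`, `core_read_reg`, `core_read_reg_impl` and `run_decomposed_demo`, the opcode and the register values are all hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical wire format: one call from the device process into the core. */
struct rpc_msg { uint32_t op, arg, ret; };
enum { OP_READ_REG = 1 };
static int to_core = -1, from_core = -1;   /* device-side pipe ends */
/* Move exactly n bytes, looping over short transfers (demo installs no signal handlers). */
static int xfer(int fd, void *buf, size_t n, int wr) {
    char *p = buf;
    while (n > 0) {
        ssize_t r = wr ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;             /* error, or peer closed the pipe */
        p += r; n -= (size_t)r;
    }
    return 0;
}
/* Core side: the real function (constructed stand-in for a core call). */
static uint32_t core_read_reg_impl(uint32_t reg) { return 0x1000u + reg; }
/* Device side: same signature, but the call is marshalled over the pipe. */
static uint32_t core_read_reg(uint32_t reg) {
    struct rpc_msg m = { OP_READ_REG, reg, 0 };
    if (xfer(to_core, &m, sizeof m, 1) || xfer(from_core, &m, sizeof m, 0)) _exit(2);
    return m.ret;
}

/* Returns the number of calls the core served for the device, or -1. */
int run_decomposed_demo(void) {
    int req[2], rep[2], served = 0, status;
    struct rpc_msg m;
    if (pipe(req) || pipe(rep)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {   /* device process: a syscall filter would be applied here */
        close(req[0]); close(rep[1]); to_core = req[1]; from_core = rep[0];
        _exit(core_read_reg(0x34) == 0x1034u ? 0 : 1);
    }
    close(req[1]); close(rep[0]);
    while (xfer(req[0], &m, sizeof m, 0) == 0) {   /* ends at EOF from the device */
        if (m.op != OP_READ_REG) { served = -1; break; }   /* reject unknown ops */
        m.ret = core_read_reg_impl(m.arg);
        if (xfer(rep[1], &m, sizeof m, 1)) { served = -1; break; }
        served++;
    }
    close(req[0]); close(rep[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status)) return -1;
    return served;
}
int main(void) { return run_decomposed_demo() == 1 ? 0 : 1; }
```

The core treats every message from the device process as untrusted input: it validates the opcode before dispatching and stops serving on anything it does not recognise.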
