From: Paul Moore
Date: Fri, 22 Nov 2013 11:00:24 -0500
Message-ID: <7966284.CJrPIyrYnI@sifl>
In-Reply-To: <20131122154841.GA3232@stefanha-thinkpad.redhat.com>
References: <1382440906-3852-1-git-send-email-otubo@linux.vnet.ibm.com> <3468561.4aYf2ZG3eq@sifl> <20131122154841.GA3232@stefanha-thinkpad.redhat.com>
Subject: Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default
To: Stefan Hajnoczi
Cc: Paolo Bonzini, coreyb@linux.vnet.ibm.com, qemu-devel, Anthony Liguori, Eduardo Otubo

On Friday, November 22, 2013 04:48:41 PM Stefan Hajnoczi wrote:
> On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> > On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > > I'm always open to suggestions on how to improve the
> > > > development/debugging process, so if you have any ideas please let
> > > > me know.
> > >
> > > The failure mode is terrible:
> >
> > Glad to see you don't feel strongly about things.
>
> Sorry for the rant :). I know you and Eduardo understand the issues and
> have already been working on them.

I can't speak for Eduardo, but no worries on my end; it just wouldn't be an
Open Source project without a bit of hyperbole now and then, would it? ;)

> I hope hearing it from a developer who isn't following seccomp is useful
> though.

Definitely. I should have said it earlier, but I do appreciate you taking
the time to comment.

> It shows which issues stick out and hinder usability. Users will only be
> happy with seccomp when it works silently behind the scenes.

Exactly. Users don't tolerate bugs and I don't blame them. After all, at
some point we are all users too.

> Developers will only be happy with seccomp if it's easy and rewarding to
> support/debug.

Agreed. As a developer, how do you feel about the audit/syslog based
approach I mentioned earlier?

-- 
paul moore
security and virtualization @ redhat
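The thread above is about the failure mode of QEMU's seccomp sandbox (a filter violation kills the process with SIGSYS and nothing tells the user which syscall was missing from the whitelist) and about reading the kernel's audit trail to find out. The following is an added example, not code from the thread, from QEMU or from libseccomp: it parses the `type=SECCOMP` records that the kernel emits through audit when a filter kills a process and reports which syscall each QEMU process died on. The sample log lines are constructed for this example, the syscall table is a small hand-written subset of x86_64 numbers rather than a complete table, and the field names follow the audit record format as written by auditd.

```python
import re
from collections import Counter

# Constructed sample records in the format auditd writes to
# /var/log/audit/audit.log when a seccomp filter kills a process
# (type=SECCOMP). These lines are made up for this example; they are
# not taken from the thread or from a real QEMU run.
SAMPLE_AUDIT_LOG = """\
type=SECCOMP msg=audit(1385135627.101:812): auid=1000 uid=107 gid=107 ses=4 pid=20413 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f3a1c2b5e47 code=0x0
type=SECCOMP msg=audit(1385135691.455:819): auid=1000 uid=107 gid=107 ses=4 pid=20498 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f3a1c2b5e47 code=0x0
type=SECCOMP msg=audit(1385135702.020:823): auid=1000 uid=107 gid=107 ses=4 pid=20531 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" sig=31 arch=c000003e syscall=56 compat=0 ip=0x7f3a1c2c0b12 code=0x0
type=SYSCALL msg=audit(1385135702.021:824): arch=c000003e syscall=59 success=yes exit=0 a0=0 a1=0 a2=0 a3=0
"""

# Hand-written subset of the x86_64 syscall table covering the numbers
# used in the sample. Real tooling would consult <asm/unistd_64.h> or
# ausyscall(8); this is deliberately incomplete.
X86_64_SYSCALLS = {41: "socket", 42: "connect", 56: "clone", 59: "execve", 101: "ptrace"}

# AUDIT_ARCH_* values as they appear in the arch= field.
ARCH_NAMES = {"c000003e": "x86_64", "40000003": "i386", "c00000b7": "aarch64"}

_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into a key -> value dict, stripping quotes."""
    return {key: value.strip('"') for key, value in _FIELD_RE.findall(line)}


def seccomp_kills(log_text):
    """Decode every type=SECCOMP record in the given audit log text.

    code=0x0 is SECCOMP_RET_KILL and sig=31 is SIGSYS on Linux, so a
    record carrying both is a process killed by its filter rather than,
    say, a trap or errno action.
    """
    events = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SECCOMP":
            continue
        nr = int(rec["syscall"])
        arch = rec.get("arch", "")
        name = X86_64_SYSCALLS.get(nr, "unknown") if arch == "c000003e" else "unknown"
        events.append({
            "comm": rec.get("comm"),
            "pid": int(rec["pid"]),
            "arch": ARCH_NAMES.get(arch, arch),
            "syscall": nr,
            "name": name,
            "killed": rec.get("sig") == "31" and rec.get("code") == "0x0",
        })
    return events


def summarize(log_text):
    """Count kills per (comm, syscall name): the view a developer wants
    when deciding which syscall the whitelist is missing."""
    counts = Counter()
    for ev in seccomp_kills(log_text):
        if ev["killed"]:
            counts[(ev["comm"], ev["name"])] += 1
    return counts


if __name__ == "__main__":
    for (comm, name), n in summarize(SAMPLE_AUDIT_LOG).most_common():
        print(f"{comm}: killed on {name} {n} time(s)")
```

Run against a real `/var/log/audit/audit.log` (or the `audit: type=1326` lines in dmesg, which carry the same fields) this turns a silent SIGSYS death into a concrete syscall name to add to the whitelist; the `killed` flag separates kill records from other filter actions that also log through audit.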