From: "Namsun Ch'o" <namnamc@Safe-mail.net>
To: pmoore@redhat.com
Cc: qemu-devel@nongnu.org, eduardo.otubo@profitbricks.com
Subject: Re: [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox
Date: Mon, 28 Sep 2015 17:34:53 -0400 [thread overview]
Message-ID: <N1-FAQtRXBl81@Safe-mail.net> (raw)
> To be clear, I'm not suggesting "--enable-syscalls=foo,bar,...", what I'm
> suggesting is a decomposition of the current filter list into blocks of
> syscalls that are needed to enable specific functionality. For example, if
> you enable audio support at runtime a set of syscalls will be added to the
> filter whitelist, if you enable a network device a different set of syscalls
> will be added to the filter, and so on.
>
> I think having an admin specified filter, either via a command line or
> configuration file, is a step in the wrong direction.
How come? I think it is safer than forcing an admin to re-compile everything
(which just won't happen in an enterprise environment). If any configuration
file only increases the strictness of a syscall, I don't see the danger of an
admin shooting themselves in the foot. Allowing an admin to decrease security
would be a problem, but they can do -sandbox off anyway.
But if the dynamic sandbox is strict enough for each feature, it'd be great.
next reply other threads:[~2015-09-28 21:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-28 21:34 Namsun Ch'o [this message]
2015-09-29 1:19 ` [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox Paul Moore
[not found] <d55ad1eed872006f0634c3e0067553a5@airmail.cc>
2015-10-01 7:17 ` Markus Armbruster
-- strict thread matches above, loose matches on Subject: below --
2015-09-30 6:41 Namsun Ch'o
2015-10-01 5:58 ` Markus Armbruster
2015-09-29 3:14 Namsun Ch'o
2015-09-29 15:38 ` Eduardo Otubo
2015-09-29 22:12 ` Paul Moore
2015-09-26 5:06 Namsun Ch'o
2015-09-28 18:24 ` Paul Moore
2015-09-25 4:53 Namsun Ch'o
2015-09-25 17:03 ` Paul Moore
2015-09-11 0:54 namnamc
2015-09-24 9:59 ` Eduardo Otubo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=N1-FAQtRXBl81@Safe-mail.net \
--to=namnamc@safe-mail.net \
--cc=eduardo.otubo@profitbricks.com \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.