From: James Hogan <james.hogan@imgtec.com>
To: qemu-devel@nongnu.org
Cc: James Hogan <james.hogan@imgtec.com>,
Aurelien Jarno <aurelien@aurel32.net>,
Eduardo Otubo <eduardo.otubo@profitbricks.com>
Subject: [Qemu-devel] [PATCH 0/2] Enable seccomp on MIPS
Date: Mon, 4 Apr 2016 09:29:14 +0100 [thread overview]
Message-ID: <1459758556-4557-1-git-send-email-james.hogan@imgtec.com> (raw)
These patches enable seccomp sandboxing on MIPS.
libseccomp has supported MIPS since 2.2.0, but cacheflush isn't included
in the whitelist until libseccomp 2.2.3 since thats when it was enabled
for ARM. The first patch fixes that so that it will work with MIPS right
back to 2.2.0.
Finally the second patch enables seccomp in the configure script for
MIPS since libseccomp 2.2.0.
Incidentally, when cacheflush(2) was being used prior to it appearing in
the whitelist, I noticed that only a single thread was being killed by
SCMP_ACT_KILL (which the man page also confirms) rather than the whole
process, simply resulting in a lockup, and making it tricky to debug
since it wasn't immediately obvious what had happened (same thing can be
made to happen on x86 if e.g. read syscall is disallowed).
Should we be using the apparently more helpful SCMP_ACT_TRAP instead of
SCMP_ACT_KILL, or is that considered less secure? It would seem
preferable if we could kill the whole process in a recognisable way
instead of hanging it.
James Hogan (2):
seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
configure: Enable seccomp sandbox for MIPS
configure | 3 +++
qemu-seccomp.c | 4 +---
2 files changed, 4 insertions(+), 3 deletions(-)
Cc: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
--
2.4.10
next reply other threads:[~2016-04-04 8:29 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-04 8:29 James Hogan [this message]
2016-04-04 8:29 ` [Qemu-devel] [PATCH 1/2] seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 James Hogan
2016-04-08 11:45 ` Andrew Jones
2016-04-08 11:54 ` Peter Maydell
2016-04-08 12:39 ` Andrew Jones
2016-04-08 12:49 ` Peter Maydell
2016-04-08 13:00 ` James Hogan
2016-04-04 8:29 ` [Qemu-devel] [PATCH 2/2] configure: Enable seccomp sandbox for MIPS James Hogan
2016-04-08 11:49 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1459758556-4557-1-git-send-email-james.hogan@imgtec.com \
--to=james.hogan@imgtec.com \
--cc=aurelien@aurel32.net \
--cc=eduardo.otubo@profitbricks.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).