Date: Mon, 7 May 2012 09:28:50 -0300
From: Eduardo Otubo
Message-ID: <20120507122849.GC10516@bluepex.com>
References: <4FA45124.4050207@suse.de> <4FA7AB6D.5020502@redhat.com>
In-Reply-To: <4FA7AB6D.5020502@redhat.com>
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c
To: Paolo Bonzini
Cc: qemu-devel

On Mon, May 07, 2012 at 01:01:01PM +0200, Paolo Bonzini wrote:
> On 04/05/2012 23:59, Andreas Färber wrote:
> >> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
> >> > + {SCMP_SYS(timer_settime), 255},
> > Spaces inside braces please.
> >
> >> > + {SCMP_SYS(timer_gettime), 254},
> >> > + {SCMP_SYS(futex), 253},
> >> > + {SCMP_SYS(select), 252},
> >> > + {SCMP_SYS(recvfrom), 251},
> >> > + {SCMP_SYS(sendto), 250},
> >> > + {SCMP_SYS(read), 249},
> >> > + {SCMP_SYS(brk), 248},
> >> > + {SCMP_SYS(clone), 247},
> >> > + {SCMP_SYS(mmap), 247},
> >> > + {SCMP_SYS(mprotect), 246},
> >> > + {SCMP_SYS(rt_sigprocmask), 245},
> >> > + {SCMP_SYS(write), 244},
> >> > + {SCMP_SYS(fcntl), 243},
> >> > + {SCMP_SYS(tgkill), 242},
> >> > + {SCMP_SYS(rt_sigaction), 242},
> >> > + {SCMP_SYS(pipe2), 242},
> >> > + {SCMP_SYS(munmap), 242},
> >> > + {SCMP_SYS(mremap), 242},
> >> > + {SCMP_SYS(getsockname), 242},
> >> > + {SCMP_SYS(getpeername), 242},
> >> > + {SCMP_SYS(fdatasync), 242},
> >> > + {SCMP_SYS(close), 242}
> >> > +};
> >> > +
>
> At least the following are also used: recvmsg, sendmsg, accept, connect,
> bind, listen, ioctl, fallocate, eventfd. I don't know if all of them
> have to be included in the list. Other syscalls are not used but
> probably should be allowed for simplicity, for example poll.

You straced those syscalls from what kind of guest? Can you provide the
frequency they appear on a strace of your example so we can set the
priority? No need for any fancy report; just some greps and wcs on a
strace output should be just fine.

> For ioctl, we may want to refine the white-list depending on the
> argument, and perhaps even filter by file descriptor (the KVM ioctls are
> in relatively fast paths, so it would be nice if they were passed with
> fewer BPF ops).
>
> BTW, please keep this out of vl.c, so that all hairiness can be added as
> appropriate.

I thought it would be overkill to create a new seccomp.[c|h] just for
this purpose. But yes, we can start thinking about that since the
features might grow in the future.
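Review bot: the priority column of `seccomp_whitelist[]` stops being a total order at `{SCMP_SYS(clone), 247}` / `{SCMP_SYS(mmap), 247}` and then collapses to a nine-way tie at 242 from `{SCMP_SYS(tgkill), 242}` through `{SCMP_SYS(close), 242}`, so either add a comment stating that the value is only a hint to libseccomp for BPF rule placement (in which case ties are harmless) or give each entry a distinct value derived from measured frequency, which is what the reply above asks for. The table also pairs each syscall with nothing but a priority, so once the `ioctl` argument and file-descriptor filtering discussed in the quoted text is added, the `struct qemu_seccomp_syscall` shape will need to change; worth deciding now rather than after the list grows. Minor: a trailing comma after `{SCMP_SYS(close), 242}` keeps later additions to one-line diffs, and Andreas's point about spaces inside the braces applies to every row, not just the first.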
Thanks for the comments,

Regards

-- 
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885
eotubo@linux.vnet.ibm.com
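The reply above asks for syscall frequencies from an strace run, obtained with "some greps and wcs", to set the priorities in the whitelist. The script below is an added example, not code from the patch, from QEMU or from anyone in the thread: it parses `strace -f` style output (the `[pid N] name(args) = ret` line format is assumed), drops `<... resumed>`, signal and exit lines so that a call split across an `<unfinished ...>` / `resumed` pair is counted once, ranks the syscalls by frequency, and goes one step further than the message by emitting rows in the draft table's format with distinct priorities descending from 255 (with the spaces inside braces that the quoted review asked for). The strace lines embedded in `SAMPLE_STRACE` are constructed for the example, not captured from QEMU.

```shell
#!/bin/sh
# Rank syscalls from strace -f output and turn the ranking into whitelist rows.
# SAMPLE_STRACE is a constructed sample in the assumed "strace -f" line format.
SAMPLE_STRACE='[pid  4242] read(3, "\177ELF", 4096)    = 4096
[pid  4242] ioctl(10, KVM_RUN, 0)           = 0
[pid  4243] futex(0x7f00c0001000, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...>
[pid  4242] read(3, "", 4096)               = 0
[pid  4242] ioctl(10, KVM_RUN, 0)           = 0
[pid  4243] <... futex resumed> )           = 0
[pid  4242] write(1, "hello\n", 6)          = 6
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
[pid  4242] read(5, "x", 1)                 = 1
[pid  4243] futex(0x7f00c0001000, FUTEX_WAKE_PRIVATE, 1) = 1
[pid  4242] ioctl(10, KVM_RUN, 0)           = 0
read(5, "y", 1)                             = 1
[pid  4242] write(1, "bye\n", 4)            = 4
[pid  4243] futex(0x7f00c0001000, FUTEX_WAKE_PRIVATE, 1) = 1
[pid  4242] ioctl(10, KVM_RUN, 0)           = 0
close(5)                                    = 0
[pid  4242] read(5, "", 1)                  = 0
+++ exited with 0 +++'

# Print the syscall name of each strace line on stdin, one per line.
# Non-syscall lines ("<... x resumed>", "--- SIG... ---", "+++ exited +++")
# are dropped; the unfinished half of a split call carries the name, so a
# call is never counted twice.
syscall_name() {
  sed -E -e 's/^\[pid +[0-9]+\] *//' \
         -e '/^(<[.][.][.]|[-][-][-]|[+][+][+])/d' \
         -e 's/^([a-z_0-9]+)\(.*/\1/' \
         -e '/^[a-z_0-9]+$/!d'
}

# Frequency table on stdout as "count name", most frequent first.
syscall_frequency() {
  syscall_name | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Whitelist rows in the draft table's format, priority 255 for the most
# frequent syscall and one lower for each following row, so that no two
# rows share a priority.
whitelist_rows() {
  syscall_frequency |
    awk 'BEGIN { p = 255 }
         { printf "    { SCMP_SYS(%s), %d },\n", $2, p; if (p > 1) p-- }'
}

# Usage: feed a real trace with  strace -f -o trace.txt qemu ... ; whitelist_rows < trace.txt
printf '%s\n' "$SAMPLE_STRACE" | whitelist_rows
```

On a real trace the ranking is only as good as the workload that produced it, so the guest workload should exercise every path (block, network, migration, hotplug) before the resulting list is treated as complete; a syscall that never appears in the trace is not in the table, and with a kill-on-miss default action that is a crash waiting to happen.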