From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel <qemu-devel@nongnu.org>, otubo@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c
Date: Mon, 07 May 2012 13:01:01 +0200
Message-ID: <4FA7AB6D.5020502@redhat.com>
In-Reply-To: <4FA45124.4050207@suse.de>
On 04/05/2012 23:59, Andreas Färber wrote:
>> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
>> > + {SCMP_SYS(timer_settime), 255},
> Spaces inside braces please.
>
>> > + {SCMP_SYS(timer_gettime), 254},
>> > + {SCMP_SYS(futex), 253},
>> > + {SCMP_SYS(select), 252},
>> > + {SCMP_SYS(recvfrom), 251},
>> > + {SCMP_SYS(sendto), 250},
>> > + {SCMP_SYS(read), 249},
>> > + {SCMP_SYS(brk), 248},
>> > + {SCMP_SYS(clone), 247},
>> > + {SCMP_SYS(mmap), 247},
>> > + {SCMP_SYS(mprotect), 246},
>> > + {SCMP_SYS(rt_sigprocmask), 245},
>> > + {SCMP_SYS(write), 244},
>> > + {SCMP_SYS(fcntl), 243},
>> > + {SCMP_SYS(tgkill), 242},
>> > + {SCMP_SYS(rt_sigaction), 242},
>> > + {SCMP_SYS(pipe2), 242},
>> > + {SCMP_SYS(munmap), 242},
>> > + {SCMP_SYS(mremap), 242},
>> > + {SCMP_SYS(getsockname), 242},
>> > + {SCMP_SYS(getpeername), 242},
>> > + {SCMP_SYS(fdatasync), 242},
>> > + {SCMP_SYS(close), 242}
>> > +};
>> > +
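Review bot: the second field of each `seccomp_whitelist` entry is a bare magic number with no comment and the struct definition is not in this hunk, so a reader cannot tell whether it is a libseccomp rule priority (255 highest) and whether the ties are intended: `clone` and `mmap` both carry 247, and `tgkill` through `close` all carry 242. A one-line comment above the array stating what the field means and how ties are meant to order the rules would let reviewers check it. Also worth a look: the list as shown contains no `exit_group`/`exit` and no `rt_sigreturn`; if the filter's default action for an unlisted syscall is to kill, a process without those cannot terminate cleanly or return from a signal handler, so they belong in the whitelist alongside the I/O calls.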
At least the following are also used: recvmsg, sendmsg, accept, connect,
bind, listen, ioctl, fallocate, eventfd. I don't know if all of them
have to be included in the list. Other syscalls are not used but
probably should be allowed for simplicity, for example poll.
For ioctl, we may want to refine the white-list depending on the
argument, and perhaps even filter by file descriptor (the KVM ioctls are
in relatively fast paths, so it would be nice if they were passed with
fewer BPF ops).
BTW, please keep this out of vl.c, so that all hairiness can be added as
appropriate.
Paolo
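As an added example that is not part of this thread or of the QEMU patch: the argument-dependent ioctl rule and the "fewer BPF ops on the fast path" point from the message above, written as a hand-built seccomp-BPF program (what libseccomp would generate from such rules) and evaluated with a tiny offline interpreter rather than installed with prctl(). The request code `KVM_REQ`, the op counts and the use of raw BPF instead of the libseccomp API are this example's own choices.

```c
/* Added example, not code from the patch or QEMU: a hand-built seccomp-BPF
 * whitelist of the kind libseccomp generates from the rules discussed above.
 * Evaluated offline by a tiny interpreter rather than loaded with prctl(). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>
#define LD(off)      BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))
#define JEQ(v, t, f) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (v), (t), (f))
#define RET(v)       BPF_STMT(BPF_RET | BPF_K, (v))
#define KVM_REQ 0xAE80u               /* placeholder, not a real KVM ioctl code */
#define DENY (SECCOMP_RET_ERRNO | 1)  /* fail the call with EPERM */

static const struct sock_filter whitelist[] = {
    LD(offsetof(struct seccomp_data, arch)),
    JEQ(AUDIT_ARCH_X86_64, 1, 0),
    RET(SECCOMP_RET_KILL),                       /* wrong ABI: kill */
    LD(offsetof(struct seccomp_data, nr)),
    JEQ(SYS_ioctl, 0, 3),                        /* hot path tested first */
    LD(offsetof(struct seccomp_data, args[1])),  /* low word of request (LE) */
    JEQ(KVM_REQ, 3, 0),                          /* refine by argument */
    RET(DENY),                                   /* ioctl with other request */
    JEQ(SYS_read, 1, 0),                         /* each rule here costs one */
    JEQ(SYS_write, 0, 1),                        /* op, but not on ioctls */
    RET(SECCOMP_RET_ALLOW),
    RET(DENY),
};
static unsigned last_ops;                        /* BPF ops run by last decide() */

/* Interpreter for the three opcode classes used above; returns the action. */
uint32_t decide(uint32_t arch, int nr, uint64_t arg1)
{
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { 0, arg1 } };
    uint32_t acc = 0;
    last_ops = 0;
    for (size_t pc = 0; pc < sizeof whitelist / sizeof *whitelist; pc++) {
        const struct sock_filter *i = &whitelist[pc];
        last_ops++;
        switch (BPF_CLASS(i->code)) {
        case BPF_LD:  memcpy(&acc, (const char *)&d + i->k, 4); break;
        case BPF_JMP: pc += acc == i->k ? i->jt : i->jf; break;
        case BPF_RET: return i->k;
        }
    }
    return SECCOMP_RET_KILL;                     /* fell off the end */
}
unsigned ops_used(void) { return last_ops; }
```

A real filter would also compare the high word of `args[1]` and, as suggested above, could load `args[0]` to restrict the rule to the KVM file descriptor.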