From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:39739)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SRLgv-0006dE-1U
	for qemu-devel@nongnu.org; Mon, 07 May 2012 07:01:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SRLgl-0007E6-Ej
	for qemu-devel@nongnu.org; Mon, 07 May 2012 07:01:20 -0400
Received: from mail-pb0-f45.google.com ([209.85.160.45]:40807)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SRLgl-0007Cv-6A
	for qemu-devel@nongnu.org; Mon, 07 May 2012 07:01:11 -0400
Received: by pbbro12 with SMTP id ro12so8880075pbb.4
	for <qemu-devel@nongnu.org>; Mon, 07 May 2012 04:01:08 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <4FA7AB6D.5020502@redhat.com>
Date: Mon, 07 May 2012 13:01:01 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <cover.1336143671.git.otubo@linux.vnet.ibm.com>
	<adfc71dc03ed55e1e988c6e7205f219ab78fb93e.1336143671.git.otubo@linux.vnet.ibm.com>
	<4FA45124.4050207@suse.de>
In-Reply-To: <4FA45124.4050207@suse.de>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp
	in vl.c
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel <qemu-devel@nongnu.org>, otubo@linux.vnet.ibm.com

Il 04/05/2012 23:59, Andreas Färber ha scritto:
>> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
>> > +    {SCMP_SYS(timer_settime), 255},
> Spaces inside braces please.
> 
>> > +    {SCMP_SYS(timer_gettime), 254},
>> > +    {SCMP_SYS(futex), 253},
>> > +    {SCMP_SYS(select), 252},
>> > +    {SCMP_SYS(recvfrom), 251},
>> > +    {SCMP_SYS(sendto), 250},
>> > +    {SCMP_SYS(read), 249},
>> > +    {SCMP_SYS(brk), 248},
>> > +    {SCMP_SYS(clone), 247},
>> > +    {SCMP_SYS(mmap), 247},
>> > +    {SCMP_SYS(mprotect), 246},
>> > +    {SCMP_SYS(rt_sigprocmask), 245},
>> > +    {SCMP_SYS(write), 244},
>> > +    {SCMP_SYS(fcntl), 243},
>> > +    {SCMP_SYS(tgkill), 242},
>> > +    {SCMP_SYS(rt_sigaction), 242},
>> > +    {SCMP_SYS(pipe2), 242},
>> > +    {SCMP_SYS(munmap), 242},
>> > +    {SCMP_SYS(mremap), 242},
>> > +    {SCMP_SYS(getsockname), 242},
>> > +    {SCMP_SYS(getpeername), 242},
>> > +    {SCMP_SYS(fdatasync), 242},
>> > +    {SCMP_SYS(close), 242}
>> > +};
>> > +

At least the following are also used: recvmsg, sendmsg, accept, connect,
bind, listen, ioctl, fallocate, eventfd.  I don't know if all of them
have to be included in the list.  Other syscalls are not used but
probably should be allowed for simplicity, for example poll.

For ioctl, we may want to refine the white-list depending on the
argument, and perhaps even filter by file descriptor (the KVM ioctls are
in relatively fast paths, so it would be nice if they were passed with
fewer BPF ops).

BTW, please keep this out of vl.c, so that all hairiness can be added as
appropriate.

Paolo