From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5081BC1D.8070100@linux.vnet.ibm.com>
Date: Fri, 19 Oct 2012 16:46:21 -0400
From: Corey Bryant
References: <1350479712-15082-1-git-send-email-otubo@linux.vnet.ibm.com> <1350479712-15082-3-git-send-email-otubo@linux.vnet.ibm.com> <5081B330.3060106@linux.vnet.ibm.com> <5081B9BC.8060503@redhat.com>
In-Reply-To: <5081B9BC.8060503@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters
To: Eric Blake
Cc: Blue Swirl, pmoore@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org, Eduardo Otubo

On 10/19/2012 04:36 PM, Eric Blake wrote:
> On 10/19/2012 02:08 PM, Corey Bryant wrote:
>>
>>
>> On 10/19/2012 01:04 PM, Blue Swirl wrote:
>>> On Wed, Oct 17, 2012 at 1:15 PM, Eduardo Otubo wrote:
>>>> This patch includes a second whitelist right before the main loop. It's
>>>> a smaller and more restricted whitelist, excluding execve() among many
>>>> others.
>>>>
>
>>> It's nice to see that for example open, creat, unlink, socket, bind,
>>> mprotect, setrlimit and kill are not present.
>>>
>>
>> Hmm, well open minimally needs to be added to this list so that drives
>> can be hotplugged.
>
> Unless we enforce the use of add-fd for hot-plugging drives, but that in
> turn requires that we have -blockdev semantics for telling qemu how to
> open backing chains.
>

True, that would be nice. But for now we don't have a complete fd passing
solution so maybe we can add that restriction in the future.

--
Regards,
Corey Bryant