From: Eduardo Otubo
To: qemu-devel@nongnu.org, "Daniel P. Berrange", Eric Paris, Paul Moore
Date: Fri, 26 Apr 2013 15:39:33 -0300
Message-ID: <517AC9E5.3050204@linux.vnet.ibm.com>
Subject: [Qemu-devel] [RFC] Continuous work on sandboxing

Hello folks,

Resuming the sandboxing work, I'd like to ask for comments on the ideas I have:

1. Reduce the whitelist to the optimal subset: run various tests on Qemu with different configurations to reduce it to the smallest syscall set possible; test and send a patch weekly (this is already being performed and a patch is on the way).

2. Introduce a second whitelist: should the whitelist be defined in libvirt and passed on to Qemu, or just pre-defined in Qemu? Also remove execve() and avoid open() and socket() and their parameters. I am also wondering if (and how) we should pass the fd along from libvirt to Qemu.

3. Debugging and/or learning mode: third-party libraries still have the problem of interfering with Qemu's signal mask. According to some previous discussions, perhaps patching all external libraries that mess up this mask (spice, for example) is a way to solve it. But I am not sure if it's worth the time spent.

I would like to hear from you guys.

Regards,

-- 
Eduardo Otubo
IBM Linux Technology Center