From: "Namsun Ch'o" <namnamc@Safe-mail.net>
To: pmoore@redhat.com
Cc: qemu-devel@nongnu.org, eduardo.otubo@profitbricks.com
Subject: Re: [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox
Date: Mon, 28 Sep 2015 17:34:53 -0400 [thread overview]
Message-ID: <N1-FAQtRXBl81@Safe-mail.net> (raw)
> To be clear, I'm not suggesting "--enable-syscalls=foo,bar,...", what I'm
> suggesting is a decomposition of the current filter list into blocks of
> syscalls that are needed to enable specific functionality. For example, if
> you enable audio support at runtime a set of syscalls will be added to the
> filter whitelist, if you enable a network device a different set of syscalls
> will be added to the filter, and so on.
>
> I think having an admin specified filter, either via a command line or
> configuration file, is a step in the wrong direction.
How come? I think it is safer than forcing an admin to re-compile everything
(which just won't happen in an enterprise environment). If any configuration
file only increases the strictness of a syscall, I don't see the danger of an
admin shooting themselves in the foot. Allowing an admin to decrease security
would be a problem, but they can do -sandbox off anyway.
But if the dynamic sandbox is strict enough for each feature, it'd be great.
next reply other threads:[~2015-09-28 21:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-28 21:34 Namsun Ch'o [this message]
2015-09-29 1:19 ` [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox Paul Moore
[not found] <d55ad1eed872006f0634c3e0067553a5@airmail.cc>
2015-10-01 7:17 ` Markus Armbruster
-- strict thread matches above, loose matches on Subject: below --
2015-09-30 6:41 Namsun Ch'o
2015-10-01 5:58 ` Markus Armbruster
2015-09-29 3:14 Namsun Ch'o
2015-09-29 15:38 ` Eduardo Otubo
2015-09-29 22:12 ` Paul Moore
2015-09-26 5:06 Namsun Ch'o
2015-09-28 18:24 ` Paul Moore
2015-09-25 4:53 Namsun Ch'o
2015-09-25 17:03 ` Paul Moore
2015-09-11 0:54 namnamc
2015-09-24 9:59 ` Eduardo Otubo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=N1-FAQtRXBl81@Safe-mail.net \
--to=namnamc@safe-mail.net \
--cc=eduardo.otubo@profitbricks.com \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).