From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>
Subject: [PATCH v2 00/24] Provide some actual restriction of qemu
Date: Mon, 9 Oct 2017 16:57:02 +0100
Message-ID: <1507564648-7580-1-git-send-email-ian.jackson@eu.citrix.com>

With this series, it is possible to run qemu in a way that I think
really does not have global privilege any more.

I have verified that it runs as a non-root user. I have checked all
of its fds and they are either privcmd (which I have arranged to
neuter), or /dev/null, or harmless sockets and pipes, or evtchn.

Unfortunately this needs a new "xentoolcore" library, which all the
existing libraries register with so that the restrict call is
effective.

Also there are a number of lacunae. See the documentation patches.

The series depends for its functionality on the corresponding qemu
series.

a 01/26] xen: Provide XEN_DMOP_remote_shutdown
a 02/26] xen: x86 dm_op: add missing newline before
a 03/26] tools: libxendevicemodel: Provide
a* 04/26] xentoolcore, _restrict_all: Introduce new library and
a 05/26] xentoolcore: Link into stubdoms
+ 06/26] xentoolcore: Link into minios (update
a 07/26] tools: qemu-xen build: prepare to link against
a 08/26] libxl: #include "xentoolcore_internal.h"
a 09/26] tools: move CONTAINER_OF to xentoolcore_internal.h
a 10/26] xentoolcore_restrict_all: Implement for
a 11/26] xentoolcore_restrict_all: "Implement" for libxencall
a 12/26] xentoolcore_restrict: Break out
a 13/26] xentoolcore_restrict_all: Implement for
a 14/26] xentoolcore_restrict_all: Declare problems due to no
a 15/26] xentoolcore_restrict_all: "Implement" for xengnttab
a 16/26] tools/xenstore: get_handle: use "goto err" error
a 17/26] tools/xenstore: get_handle: Allocate struct before
a 18/26] xentoolcore_restrict_all: "Implement" for xenstore
a 19/26] xentoolcore, _restrict_all: Document implementation
a 20/26] xl, libxl: Provide dm_restrict
a 21/26] libxl: Rationalise calculation of user to run qemu as
a 22/26] libxl: libxl__dm_runas_helper: return pwd
a 23/26] libxl: userlookup_helper_getpwnam rename and turn into
a* 24/26] libxl: dm_restrict: Support uid range user
a 25/26] tools: xentoolcore_restrict_all: use domid_t
+ 26/26] xl: Document VGA problems arising from lack of physmap

a = acked (or, reviewed, for hypervisor patches)
* = modified (acks retained since minor changes only)
+ = new in v4 of the series (since the original v3 post)

Thanks,
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
2017-10-09 15:57 Ian Jackson [this message]
2017-10-09 15:57 ` [PATCH 01/26] xen: Provide XEN_DMOP_remote_shutdown Ian Jackson
2017-10-09 15:57 ` [PATCH 02/26] xen: x86 dm_op: add missing newline before XEN_DMOP_inject_msi Ian Jackson
2017-10-09 15:57 ` [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown Ian Jackson
2017-10-17 15:24 ` Ross Lagerwall
2017-10-17 15:29 ` Ian Jackson
2017-10-17 17:05 ` [PATCH] tools: libxendevicemodel: Restore symbol versions for 1.0 Ian Jackson
2017-10-17 17:06 ` Wei Liu
2017-10-17 17:19 ` Andrew Cooper
2017-10-18 9:54 ` Ian Jackson
2017-10-18 8:59 ` Ross Lagerwall
2017-10-09 15:57 ` [PATCH 04/26] xentoolcore, _restrict_all: Introduce new library and implementation Ian Jackson
2017-10-10 11:45 ` Anthony PERARD
2017-10-10 17:18 ` Ian Jackson
2017-10-09 15:57 ` [PATCH 05/26] xentoolcore: Link into stubdoms Ian Jackson
2017-10-09 15:57 ` [PATCH 06/26] xentoolcore: Link into minios (update MINIOS_UPSTREAM_REVISION) Ian Jackson
2017-10-09 15:57 ` [PATCH 07/26] tools: qemu-xen build: prepare to link against xentoolcore Ian Jackson
2017-10-09 15:57 ` [PATCH 08/26] libxl: #include "xentoolcore_internal.h" Ian Jackson
2017-10-09 15:57 ` [PATCH 09/26] tools: move CONTAINER_OF to xentoolcore_internal.h Ian Jackson
2017-10-09 15:57 ` [PATCH 10/26] xentoolcore_restrict_all: Implement for libxendevicemodel Ian Jackson
2017-10-09 15:57 ` [PATCH 11/26] xentoolcore_restrict_all: "Implement" for libxencall Ian Jackson
2017-10-09 15:57 ` [PATCH 12/26] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null Ian Jackson
2017-10-09 15:57 ` [PATCH 13/26] xentoolcore_restrict_all: Implement for libxenforeignmemory Ian Jackson
2017-10-09 15:57 ` [PATCH 14/26] xentoolcore_restrict_all: Declare problems due to no evtchn support Ian Jackson
2017-10-09 15:57 ` [PATCH 15/26] xentoolcore_restrict_all: "Implement" for xengnttab Ian Jackson
2017-10-09 15:57 ` [PATCH 16/26] tools/xenstore: get_handle: use "goto err" error handling style Ian Jackson
2017-10-09 15:57 ` [PATCH 17/26] tools/xenstore: get_handle: Allocate struct before opening fd Ian Jackson
2017-10-09 15:57 ` [PATCH 18/26] xentoolcore_restrict_all: "Implement" for xenstore Ian Jackson
2017-10-09 15:57 ` [PATCH 19/26] xentoolcore, _restrict_all: Document implementation "complete" Ian Jackson
2017-10-09 15:57 ` [PATCH 20/26] xl, libxl: Provide dm_restrict Ian Jackson
2017-10-09 15:57 ` [PATCH 21/26] libxl: Rationalise calculation of user to run qemu as Ian Jackson
2017-10-09 15:57 ` [PATCH 22/26] libxl: libxl__dm_runas_helper: return pwd Ian Jackson
2017-10-09 15:57 ` [PATCH 23/26] libxl: userlookup_helper_getpwnam rename and turn into a macro Ian Jackson
2017-10-09 15:57 ` [PATCH 24/26] libxl: dm_restrict: Support uid range user Ian Jackson
2017-10-09 15:57 ` [PATCH 25/26] tools: xentoolcore_restrict_all: use domid_t Ian Jackson
2017-10-09 15:57 ` [PATCH 26/26] xl: Document VGA problems arising from lack of physmap dmop Ian Jackson
2017-10-09 16:11 ` Wei Liu
2017-10-09 16:10 ` [PATCH v2 00/24] Provide some actual restriction of qemu Ian Jackson
-- strict thread matches above, loose matches on Subject: below --
2017-10-04 15:57 Ian Jackson