qemu-devel

From: Eduardo Otubo
Subject: Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c
Date: Mon, 7 May 2012 09:28:50 -0300
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, May 07, 2012 at 01:01:01PM +0200, Paolo Bonzini wrote:
> Il 04/05/2012 23:59, Andreas Färber ha scritto:
> >> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = {
> >> > +    {SCMP_SYS(timer_settime), 255},
> > Spaces inside braces please.
> > 
> >> > +    {SCMP_SYS(timer_gettime), 254},
> >> > +    {SCMP_SYS(futex), 253},
> >> > +    {SCMP_SYS(select), 252},
> >> > +    {SCMP_SYS(recvfrom), 251},
> >> > +    {SCMP_SYS(sendto), 250},
> >> > +    {SCMP_SYS(read), 249},
> >> > +    {SCMP_SYS(brk), 248},
> >> > +    {SCMP_SYS(clone), 247},
> >> > +    {SCMP_SYS(mmap), 247},
> >> > +    {SCMP_SYS(mprotect), 246},
> >> > +    {SCMP_SYS(rt_sigprocmask), 245},
> >> > +    {SCMP_SYS(write), 244},
> >> > +    {SCMP_SYS(fcntl), 243},
> >> > +    {SCMP_SYS(tgkill), 242},
> >> > +    {SCMP_SYS(rt_sigaction), 242},
> >> > +    {SCMP_SYS(pipe2), 242},
> >> > +    {SCMP_SYS(munmap), 242},
> >> > +    {SCMP_SYS(mremap), 242},
> >> > +    {SCMP_SYS(getsockname), 242},
> >> > +    {SCMP_SYS(getpeername), 242},
> >> > +    {SCMP_SYS(fdatasync), 242},
> >> > +    {SCMP_SYS(close), 242}
> >> > +};
> >> > +
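Review bot: the priority column does not form the strictly descending sequence it appears to be meant as: clone and mmap both get 247, and every entry from tgkill down to close shares 242. libseccomp treats the priority only as an ordering hint for the generated BPF, so duplicate values are legal, but the struct should carry a comment saying what the numbers mean and where they come from (strace counts, per this thread), otherwise the next person to add an entry will not know which value to pick. Two more points on the same lines: the struct holds only a syscall number and a priority, so there is no field through which an argument or file-descriptor constraint could ever be expressed, and the table as a whole leaves out syscalls QEMU is known to issue (ioctl is absent entirely, as is exit_group), so a filter built from it would kill the process on the first of those rather than merely slow it down. Minor: the table is never written to and could be `static const struct`, and Andreas's spacing request applies to every row, e.g. `{ SCMP_SYS(timer_settime), 255 },`.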
> 
> At least the following are also used: recvmsg, sendmsg, accept, connect,
> bind, listen, ioctl, fallocate, eventfd.  I don't know if all of them
> have to be included in the list.  Other syscalls are not used but
> probably should be allowed for simplicity, for example poll.

You straced those syscalls from what kind of guest? Can you provide the
frequency they appear on a strace of your example so we can set the
priority? No need for any fancy report; just some grep's and wc's on a
strace output should be just fine.

> 
> For ioctl, we may want to refine the white-list depending on the
> argument, and perhaps even filter by file descriptor (the KVM ioctls are
> in relatively fast paths, so it would be nice if they were passed with
> fewer BPF ops).
> 
> BTW, please keep this out of vl.c, so that all hairiness can be added as
> appropriate.

I thought it would be overkill to create a new seccomp.[c|h] just for this
purpose. But yes, we can start thinking about that since the features might
grow in the future.

Thanks for the comments,
Regards

-- 
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885 
address@hidden
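As an added example of the "greps and wcs on a strace output" step discussed above (this is not code from the patch or from QEMU): the script below turns strace output into per-syscall counts and then into a priority table in the layout the patch uses. The strace excerpt inside it is constructed for the example, not a recording of a real guest; the struct name qemu_seccomp_syscall is taken from the quoted hunk, and the table assumes, as the patch does, that the second column is the 0-255 value libseccomp's seccomp_syscall_priority() takes, highest first.

```shell
#!/bin/sh
# Added example, not part of the patch or of QEMU.  Counts syscalls in an
# strace log and emits a whitelist table in the patch's format, most frequent
# syscall first.  The strace excerpt below is constructed for this example.

sample_strace() {
    cat <<'EOF'
strace: Process 4243 attached
[pid  4242] ioctl(11, KVM_RUN, 0)       = 0
[pid  4242] ioctl(11, KVM_RUN, 0)       = 0
[pid  4242] ioctl(11, KVM_RUN, 0)       = -1 EINTR (Interrupted system call)
[pid  4243] futex(0x7f1e4c00, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4242] ioctl(11, KVM_RUN, 0)       = 0
[pid  4243] <... futex resumed> )       = 0
[pid  4242] read(7, "\1\0\0\0\0\0\0\0", 512) = 8
--- SIGALRM {si_signo=SIGALRM, si_code=SI_TIMER} ---
[pid  4242] ioctl(11, KVM_RUN, 0)       = 0
[pid  4242] write(8, "\1\0\0\0\0\0\0\0", 8) = 8
[pid  4242] futex(0x7f1e4c00, FUTEX_WAKE_PRIVATE, 1) = 1
[pid  4243] read(7, "\1\0\0\0\0\0\0\0", 512) = 8
[pid  4242] timer_settime(0x1, 0, {it_interval={0, 0}, it_value={0, 250000}}, NULL) = 0
[pid  4242] select(9, [7 8], NULL, NULL, {0, 0}) = 0 (Timeout)
[pid  4242] read(7, "\1\0\0\0\0\0\0\0", 512) = 8
EOF
}

# Read strace output on stdin and print "count name", most frequent first
# (ties broken by name).  Strips the "[pid N]" prefix of strace -f and an
# optional -t/-tt timestamp, ignores signal and "Process attached" lines,
# and counts an "<unfinished ...>" call once: its "resumed" line is skipped.
syscall_counts() {
    awk '
        /<\.\.\. [a-z0-9_]+ resumed>/ { next }
        {
            line = $0
            sub(/^\[pid +[0-9]+\] */, "", line)
            sub(/^[0-9:.]+ +/, "", line)
            if (match(line, /^[a-z0-9_]+\(/)) {
                name = substr(line, RSTART, RLENGTH - 1)
                count[name]++
            }
        }
        END { for (n in count) printf "%d %s\n", count[n], n }
    ' | sort -k1,1nr -k2,2
}

# Turn the counts into the table from the patch: the most frequent syscall
# gets priority 255 and each following one the next lower value, so no two
# entries share a number.  Uses the spacing Andreas asked for.
whitelist_table() {
    syscall_counts | awk '
        BEGIN {
            prio = 255
            print "static struct qemu_seccomp_syscall seccomp_whitelist[] = {"
        }
        {
            printf "    { SCMP_SYS(%s), %d },\n", $2, prio
            if (prio > 0) prio--
        }
        END { print "};" }
    '
}

# Running the script prints the table for the constructed excerpt.
sample_strace | whitelist_table
```

For a real guest the input would come from something like `strace -f -o trace.log qemu-system-x86_64 ...` followed by `syscall_counts < trace.log`; `strace -c` prints the same counts directly, but a log kept in full also shows the ioctl arguments, which is what deciding on per-argument ioctl rules would need.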
