[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccom
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp |
Date: |
Tue, 8 May 2012 10:15:35 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Fri, May 04, 2012 at 04:08:36PM -0300, Eduardo Otubo wrote:
> Hello all,
>
> This is the first effort to sandboxing Qemu guests using Libseccomp[0]. The
> patches that follows are pretty simple and straightforward. I added the
> correct
> options and checks to the configure script and the basic calls to libseccomp
> in
> the main loop at vl.c. Details of each one are in the emails of the patch set.
>
> This support limits the system call footprint of the entire QEMU process to a
> limited set of syscalls, those that we know QEMU uses. The idea is to limit
> the allowable syscalls, therefore limiting the impact that an attacked guest
> could have on the host system.
What functionality has been lost by applying this seccomp filter ? I've not
looked closely at the code, but it appears as if this blocks pretty much
any kind of runtime device changes. ie no hotplug of any kind will work ?
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
Re: [Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp,
Daniel P. Berrange <=