[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in
|
From: |
Paul Moore |
|
Subject: |
Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c |
|
Date: |
Mon, 18 Jun 2012 09:52:44 -0400 |
|
User-agent: |
KMail/4.8.3 (Linux/3.4.2-gentoo-r1; KDE/4.8.3; x86_64; ; ) |
On Monday, June 18, 2012 09:31:03 AM Daniel P. Berrange wrote:
> On Fri, Jun 15, 2012 at 05:02:19PM -0400, Paul Moore wrote:
> > On Friday, June 15, 2012 07:06:10 PM Blue Swirl wrote:
> > > I think allowing execve() would render seccomp pretty much useless.
> >
> > Not necessarily.
> >
> > I'll agree that it does seem a bit odd to allow execve(), but there is
> > still value in enabling seccomp to disable potentially buggy/exploitable
> > syscalls. Let's not forget that we have over 300 syscalls on x86_64, not
> > including the 32 bit versions, and even if we add all of the new syscalls
> > suggested in this thread we are still talking about a small subset of
> > syscalls. As far as security goes, the old adage of "less is more"
> > applies.
>
> I can sort of see this argument, but *only* if the QEMU process is being
> run under a dedicated, fully unprivileged (from a DAC pov) user, completely
> separate from anything else on the system.
>
> Or, of course, for a QEMU already confined by SELinux.
Agreed ... and considering at least one major distribution takes this approach
it seems like reasonable functionality to me. Confining QEMU, either through
DAC and/or MAC, when faced with potentially malicious guests is just good
sense.
--
paul moore
security and virtualization @ redhat
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, (continued)
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Paul Moore, 2012/06/15
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/15
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Paul Moore, 2012/06/15
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/16
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Corey Bryant, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Avi Kivity, 2012/06/19
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/19
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Eric Blake, 2012/06/15
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Daniel P. Berrange, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Daniel P. Berrange, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c,
Paul Moore <=
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Daniel P. Berrange, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Paul Moore, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Eduardo Otubo, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Corey Bryant, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/18
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Daniel P. Berrange, 2012/06/19
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Blue Swirl, 2012/06/19
- Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c, Daniel P. Berrange, 2012/06/18
Re: [Qemu-devel] [RFC] [PATCHv2 0/2] Sandboxing Qemu guests with Libseccomp, Paul Moore, 2012/06/13