Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters

From:	Corey Bryant
Subject:	Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters
Date:	Fri, 19 Oct 2012 16:46:21 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121009 Thunderbird/16.0



On 10/19/2012 04:36 PM, Eric Blake wrote:

On 10/19/2012 02:08 PM, Corey Bryant wrote:



On 10/19/2012 01:04 PM, Blue Swirl wrote:

On Wed, Oct 17, 2012 at 1:15 PM, Eduardo Otubo
<address@hidden> wrote:

This patch includes a second whitelist right before the main loop. It's
a smaller and more restricted whitelist, excluding execve() among many
others.

It's nice to see that for example open, creat, unlink, socket, bind,
mprotect, setrlimit and kill are not present.


Hmm, well open minimally needs to be added to this list so that drives
can be hotplugged.


Unless we enforce the use of add-fd for hot-plugging drives, but that in
turn requires that we have -blockdev semantics for telling qemu how to
open backing chains.

True, that would be nice. But for now we don't have a complete fdpassing solution so maybe we can add that restriction in the future.


--
Regards,
Corey Bryant

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 1/4] Adding new syscalls (bugzilla 855162), Eduardo Otubo, 2012/10/17
- [Qemu-devel] [PATCH 2/4] Setting "-sandbox on" as deafult, Eduardo Otubo, 2012/10/17
  - Re: [Qemu-devel] [PATCH 2/4] Setting "-sandbox on" as deafult, Corey Bryant, 2012/10/18
- [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Eduardo Otubo, 2012/10/17
  - Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Blue Swirl, 2012/10/19
    - Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Corey Bryant, 2012/10/19
    - Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Eric Blake, 2012/10/19
    - Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Corey Bryant <=
  - Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters, Corey Bryant, 2012/10/19
- [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Eduardo Otubo, 2012/10/17
  - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Corey Bryant, 2012/10/18
  - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Paolo Bonzini, 2012/10/18
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Corey Bryant, 2012/10/24
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Corey Bryant, 2012/10/24
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Paolo Bonzini, 2012/10/24
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Corey Bryant, 2012/10/24
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Paolo Bonzini, 2012/10/24
    - Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug, Corey Bryant, 2012/10/24

Prev by Date: [Qemu-devel] [PATCH v3 24/26] q35: add acpi-based pci hotplug.
Next by Date: [Qemu-devel] [PATCH v2] hmp: fix info cpus for sparc targets
Previous by thread: Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters
Next by thread: Re: [Qemu-devel] [PATCH 3/4] Support for "double whitelist" filters
Index(es):
- Date
- Thread