[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the secc
From: |
Markus Armbruster |
Subject: |
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox |
Date: |
Fri, 02 Oct 2015 12:05:58 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
"Daniel P. Berrange" <address@hidden> writes:
> On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
>> "Namsun Ch'o" <address@hidden> writes:
>>
>> > The seccomp sandbox doesn't whitelist setuid, setgid, or
>> > setgroups, which are
>> > needed for -runas to work. It also doesn't whitelist chroot, which is
>> > needed
>> > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
>> > privileges or chroots, so without these whitelisted, -runas and
>> > -chroot cause
>> > QEMU to be killed with -sandbox on. This patch adds those syscalls.
>>
>> Should it enable seccomp a bit later?
>
> Yeah, I think it would be better to move the seccomp enablement later.
Let's do that then.
> Adding setuid and chroot to the allow list is pretty strongly undesirable
> from a security protection POV.
Indeed.
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox, Eduardo Otubo, 2015/10/09