On Fri, May 04, 2012 at 04:08:36PM -0300, Eduardo Otubo wrote: > Hello all, > > This is the first effort to sandboxing Qemu guests using Libseccomp[0]. The > patches that follows are pretty simple and straightforward. I added the > correct > options and checks to the configure script and the basic calls to libseccomp > in > the main loop at vl.c. Details of each one are in the emails of the patch set. > > This support limits the system call footprint of the entire QEMU process to a > limited set of syscalls, those that we know QEMU uses. The idea is to limit > the allowable syscalls, therefore limiting the impact that an attacked guest > could have on the host system.
What functionality has been lost by applying this seccomp filter ? I've not looked closely at the code, but it appears as if this blocks pretty much any kind of runtime device changes. ie no hotplug of any kind will work ? Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
