Hello folks,
Resuming the sandboxing work, I'd like to ask for comments on the
ideias I have:
1. Reduce whitelist to the optimal subset: Run various tests on Qemu
with different configurations to reduce to the smallest syscall set
possible; test and send a patch weekly (this is already being performed
and a patch is on the way)
2. Introduce a second whitelist - the whitelist should be defined in
libvirt and passed on to qemu or just pre defined in Qemu? Also remove
execve() and avoid open() and socket() and its parameters - also
wondering if (and how) we should pass the fd along from libvirt to qemu.
3. Debugging and/or learning mode - third party libraries still have the
problem of interfering in the Qemu's signal mask. According to some
previous discussions, perhaps patch all external libraries that mass up
with this mask (spice, for example) is a way to solve it. But not sure
if it worth the time spent. Would like to hear you guys.
Regards,
--
Eduardo Otubo
IBM Linux Technology Center
