On Mon, Nov 02, 2015 at 08:51:26AM +0100, Paolo Bonzini wrote:
>
>
> On 30/10/2015 14:44, Eduardo Otubo wrote:
> > From: Namsun Ch'o <namn...@safe-mail.net>
> >
> > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> > needed for -runas to work. It also doesn't whitelist chroot, which is needed
> > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> > privileges or chroots, so without these whitelisted, -runas and -chroot cause
> > QEMU to be killed with -sandbox on. This patch adds those syscalls.
>
> I think this patch should not be applied, because it completely defeats
> the purpose of the sandbox. With these syscalls whitelisted, -runas and
> -chroot have absolutely no effect against an attacker, even with
> -sandbox on.
>
Also, Namsun's emails are bouncing back. Don't know if it's worth merging them with no valid contact for the author.

--
Eduardo Otubo
ProfitBricks GmbH