On Thu, Aug 03, 2017 at 06:54:15PM +0200, Thomas Huth wrote: > On 28.07.2017 14:10, Eduardo Otubo wrote: > > This patch changes the default behavior of the seccomp filter from > > whitelist to blacklist. By default now all system calls are allowed and > > a small black list of definitely forbidden ones was created. > > > > Signed-off-by: Eduardo Otubo <ot...@redhat.com> > > --- > > qemu-seccomp.c | 256 > > +++++++-------------------------------------------------- > > vl.c | 5 +- > > 2 files changed, 32 insertions(+), 229 deletions(-) > > > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > > index df75d9c471..f8877b07b5 100644 > > --- a/qemu-seccomp.c > > +++ b/qemu-seccomp.c > > @@ -31,229 +31,29 @@ struct QemuSeccompSyscall { > > uint8_t priority; > > }; > [...] > > +static const struct QemuSeccompSyscall blacklist[] = { > > + { SCMP_SYS(reboot), 255 }, > > + { SCMP_SYS(swapon), 255 }, > > + { SCMP_SYS(swapoff), 255 }, > > + { SCMP_SYS(syslog), 255 }, > > + { SCMP_SYS(mount), 255 }, > > + { SCMP_SYS(umount), 255 }, > > + { SCMP_SYS(kexec_load), 255 }, > > + { SCMP_SYS(afs_syscall), 255 }, > > + { SCMP_SYS(break), 255 }, > > + { SCMP_SYS(ftime), 255 }, > > + { SCMP_SYS(getpmsg), 255 }, > > + { SCMP_SYS(gtty), 255 }, > > + { SCMP_SYS(lock), 255 }, > > + { SCMP_SYS(mpx), 255 }, > > + { SCMP_SYS(prof), 255 }, > > + { SCMP_SYS(profil), 255 }, > > + { SCMP_SYS(putpmsg), 255 }, > > + { SCMP_SYS(security), 255 }, > > + { SCMP_SYS(stty), 255 }, > > + { SCMP_SYS(tuxcall), 255 }, > > + { SCMP_SYS(ulimit), 255 }, > > + { SCMP_SYS(vserver), 255 }, > > }; > > Does it makes sense to still keep the priority field? Everything is now > marked with the value 255 and I currently fail to see the point of > priorities when using blacklisting ... so maybe just get rid of it?
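Review bot: the blacklist in this hunk denies `umount` but not `umount2`, so the mount/unmount pair is not covered consistently: on x86_64 there is no `umount` syscall at all and unmounting goes through `umount2`, which means the `{ SCMP_SYS(umount), 255 },` entry only has an effect on 32-bit ABIs. Add a matching `{ SCMP_SYS(umount2), 255 },` entry next to it (and say in the commit message that the list was checked against the 64-bit syscall table), otherwise the "definitely forbidden" set described in the commit message is narrower than it looks on the primary host architecture.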
I think that's a fair point here. I don't see much of a point with such a small number of syscalls. I just need to double-check the libseccomp docs to see if I can build the list without any priority information, but I'm pretty sure I've seen this before.

-- 
Eduardo Otubo
Senior Software Engineer @ RedHat
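To make the priority question concrete: libseccomp's priority value is only a hint for where a rule is placed in the generated BPF program, so the example below (added here, not code from the patch, QEMU or libseccomp) builds a default-allow filter with a subset of the patch's denied syscalls by hand and evaluates it in user space. It shows that reordering the rules changes the path length only for a syscall that gets killed anyway, while every allowed syscall walks the whole list regardless of order; the syscall numbers and `struct seccomp_data` layout are the host's, and the arch check a real filter needs is left out.

```c
/* Added example, not code from the patch, QEMU or libseccomp: build a default-allow
 * ("blacklist") seccomp-BPF program like the patch's and evaluate it in user space. */
#include <stddef.h>
#include <stdint.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>
/* A subset of the patch's denied syscalls, in two orders; numbers are the host's. */
static const int denied[]     = { SYS_reboot, SYS_swapon, SYS_swapoff, SYS_syslog, SYS_mount };
static const int denied_rev[] = { SYS_mount, SYS_syslog, SYS_swapoff, SYS_swapon, SYS_reboot };
#define NDENIED (sizeof denied / sizeof denied[0])
/* One JEQ+RET pair per denied syscall, then the default ALLOW. A filter handed to prctl(PR_SET_SECCOMP) must also check seccomp_data.arch first. */
static size_t build_blacklist(struct sock_filter *prog, const int *deny, size_t n) {
    size_t i = 0;
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)deny[k], 0, 1);
        prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    }
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}
/* Minimal cBPF interpreter for the three opcodes used above: returns the action, counts executed instructions, fails closed on anything else. */
static uint32_t evaluate(const struct sock_filter *prog, size_t n, int nr, unsigned *steps) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &prog[pc];
        ++*steps;
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS: acc = (uint32_t)nr; break; /* only nr is ever loaded */
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K: return in->k;
        default: return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}
/* Instructions executed for syscall nr under a given deny order; action is optional. */
static unsigned path_len(const int *deny, size_t n, int nr, uint32_t *action) {
    struct sock_filter prog[2 * 32 + 2]; /* room for up to 32 denied syscalls */
    unsigned steps = 0;
    uint32_t act = evaluate(prog, build_blacklist(prog, deny, n), nr, &steps);
    if (action) *action = act;
    return steps;
}
static uint32_t action_for(const int *deny, size_t n, int nr) {
    uint32_t act; path_len(deny, n, nr, &act); return act;
}
```

An allowed syscall such as getpid always executes the load, every comparison and the final return (NDENIED + 2 instructions) in either order, whereas reboot dies after 3 instructions in the patch's order and after NDENIED + 2 in the reversed one.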