On 22/08/2018 - 19:02:46, Marc-André Lureau wrote:
> Hi,
>
> This series fixes 2 issues with -sandbox:
>
> - The seccomp action SCMP_ACT_KILL results in immediate termination of
>   the thread that made the bad system call. However, qemu being
>   multi-threaded, it keeps running. There is no easy way for parent
>   process / management layer (libvirt) to know about that situation.
>
>   Instead, the default SIGSYS handler when invoked with SCMP_ACT_TRAP
>   will terminate the program and core dump.
>
>   This may not be the most secure solution, but probably better than
>   just killing the offending thread. SCMP_ACT_KILL_PROCESS has been
>   added in Linux 4.14 to improve the situation, which I propose to use
>   by default if available.
>
>   Related to:
>   https://bugzilla.redhat.com/show_bug.cgi?id=1594456
>
> - The seccomp filter isn't applied to all threads. We can solve the
>   issue by using SECCOMP_FILTER_FLAG_TSYNC since libseccomp 2.2.0 and
>   kernel >= 3.17.
>
> v3:
> - modify qemu_seccomp() to set errno=ENOSYS
> - add patch "seccomp: set the seccomp filter to all threads"
>
> v2:
> - fix clang unused inline warning
> - add acked-by/r-b tags
>
> Marc-André Lureau (4):
>   seccomp: use SIGSYS signal instead of killing the thread
>   seccomp: prefer SCMP_ACT_KILL_PROCESS if available
>   configure: require libseccomp 2.2.0
>   seccomp: set the seccomp filter to all threads
>
>  qemu-seccomp.c | 36 +++++++++++++++++++++++++++++++++++-
>  configure      |  7 ++-----
>  2 files changed, 37 insertions(+), 6 deletions(-)
>
> --
> 2.18.0.547.g1d89318c48
>

Acked-by: Eduardo Otubo <ot...@redhat.com>
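The behaviour the cover letter describes, as an added example that is not code from the series or from QEMU: a child process probes for the kill-process action, falls back to the trap action, loads its filter with SECCOMP_FILTER_FLAG_TSYNC, and the parent observes the SIGSYS termination through waitpid(). It uses the raw seccomp(2) syscall rather than libseccomp, and the function names and the choice of getppid() as the denied syscall are assumptions made for the demo.

```c
#define _GNU_SOURCE             /* for syscall() */
#include <stddef.h>
#include <signal.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Prefer KILL_PROCESS (Linux >= 4.14); otherwise TRAP, whose default
 * SIGSYS disposition also terminates the whole process. */
static unsigned int pick_deny_action(void)
{
    unsigned int act = SECCOMP_RET_KILL_PROCESS;
    if (syscall(SYS_seccomp, SECCOMP_GET_ACTION_AVAIL, 0, &act) == 0)
        return SECCOMP_RET_KILL_PROCESS;
    return SECCOMP_RET_TRAP;
}

static int install_filter(unsigned int deny)
{
    /* Constructed demo filter: deny only getppid(). Production filters
     * must also validate seccomp_data.arch before trusting nr. */
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, deny),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    /* TSYNC applies the filter to every thread of the calling process. */
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER,
                        SECCOMP_FILTER_FLAG_TSYNC, &fprog);
}

/* Returns the signal that terminated the sandboxed child, 0 if it exited. */
int denied_syscall_termination_signal(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter(pick_deny_action()) != 0) _exit(2);
        syscall(SYS_getppid);   /* denied: the process must die here */
        _exit(0);               /* reached only if enforcement failed */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}
```

Both actions end the child with SIGSYS, so a supervising process sees the violation in the wait status whichever one the kernel supports.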