Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-05 Thread Markus Armbruster
"Namsun Ch'o" writes:
>> Drawback: complexity. If we decide to limit ourselves to the original
>> threat model (rogue guest), and enter the sandbox only after setup, we
>> can keep things simpler.
>
> We could do both without much complexity. This looks simple enough to me:
>
> rc = seccomp_ru

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-05 Thread Namsun Ch'o
> Drawback: complexity. If we decide to limit ourselves to the original
> threat model (rogue guest), and enter the sandbox only after setup, we
> can keep things simpler.

We could do both without much complexity. This looks simple enough to me:

rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-05 Thread Daniel P. Berrange
On Mon, Oct 05, 2015 at 07:20:58AM +0200, Markus Armbruster wrote:
> "Namsun Ch'o" writes:
>
> >> If we intend seccomp to protect against flaws during QEMU setup, then
> >> having
> >> it earlier is necessary. e.g. QEMU opening a corrupt qcow2 image which might
> >> exploit QEMU before the guest

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-04 Thread Markus Armbruster
"Namsun Ch'o" writes:
>> Our intention since the beginning was to protect the host from the
>> illegal guest operations. But you do have an interesting point about
>> flaws on qemu itself. Perhaps this might be something I could work on to
>> improve (start a bigger whitelist and get it tighter b

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-04 Thread Markus Armbruster
"Namsun Ch'o" writes:
>> If we intend seccomp to protect against flaws during QEMU setup, then having
>> it earlier is necessary. e.g. QEMU opening a corrupt qcow2 image which might
>> exploit QEMU before the guest CPUs start.
>
>> If the latter is the case, then we could start with a relaxed secc

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-03 Thread Namsun Ch'o
> Our intention since the beginning was to protect the host from the
> illegal guest operations. But you do have an interesting point about
> flaws on qemu itself. Perhaps this might be something I could work on to
> improve (start a bigger whitelist and get it tighter before guest
> launches).

Th

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox

2015-10-03 Thread Namsun Ch'o
> If we intend seccomp to protect against flaws during QEMU setup, then having
> it earlier is necessary. e.g. QEMU opening a corrupt qcow2 image which might
> exploit QEMU before the guest CPUs start.
> If the latter is the case, then we could start with a relaxed seccomp
> sandbox which included
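The messages above argue over two sandbox entry points: a relaxed filter installed early (so that a corrupt qcow2 image parsed during setup is already confined) that still permits what -chroot and -runas need, and a tighter filter installed just before the guest CPUs start. The following is an added example written for this page; it is not QEMU code and not the libseccomp-based patch the thread discusses. It builds both stages as raw seccomp-BPF allow-lists (the hand-written equivalent of the seccomp_rule_add() calls in the thread), includes a small interpreter so the verdicts can be checked without installing anything, and shows the install step separately. The syscall lists, the struct and function names, and the 64-instruction cap are assumptions chosen for illustration.

```c
/*
 * Two-stage seccomp-BPF sandbox sketch (added example, not QEMU's code).
 *
 * Stage 1 ("setup") is installed before -chroot/-runas style setup, so it
 * must still allow chroot(2), chdir(2), setgroups(2), setgid(2), setuid(2)
 * and openat(2).  Stage 2 ("guest") is installed right before the guest
 * starts and drops all of those.  seccomp filters stack: the kernel runs
 * every installed filter and keeps the most restrictive verdict, so adding
 * stage 2 on top of stage 1 can only tighten the policy, never loosen it.
 * The syscall lists are illustrative assumptions, not QEMU's whitelist.
 */
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS          /* headers older than Linux 4.14 */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define MAX_INSNS 64                      /* assumed cap, plenty for this sketch */
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

struct filter {
    struct sock_filter insns[MAX_INSNS];
    unsigned short len;
};

static void emit(struct filter *f, struct sock_filter insn)
{
    if (f->len < MAX_INSNS)
        f->insns[f->len++] = insn;
}

/* Pure allow-list: kill on a foreign arch (blocks x32/compat ABI tricks),
 * allow each listed syscall number, kill everything else. */
static void build_allowlist(struct filter *f, const int *nrs, size_t n)
{
    f->len = 0;
    emit(f, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    emit(f, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0));
    emit(f, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
    emit(f, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t i = 0; i < n; i++) {
        emit(f, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)nrs[i], 0, 1));
        emit(f, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    }
    emit(f, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
}

/* Assumed lists.  Setup keeps what -chroot/-runas need; guest drops them. */
static const int setup_syscalls[] = {
    SYS_read, SYS_write, SYS_close, SYS_openat, SYS_mmap, SYS_exit_group,
    SYS_chroot, SYS_chdir, SYS_setgroups, SYS_setgid, SYS_setuid,
};
static const int guest_syscalls[] = {
    SYS_read, SYS_write, SYS_close, SYS_mmap, SYS_exit_group,
};

void build_setup_filter(struct filter *f) { build_allowlist(f, setup_syscalls, NELEM(setup_syscalls)); }
void build_guest_filter(struct filter *f) { build_allowlist(f, guest_syscalls, NELEM(guest_syscalls)); }

/* Minimal interpreter for the three opcodes emitted above; returns the
 * SECCOMP_RET_* verdict the kernel would produce for (arch, nr). */
unsigned int run_filter(const struct filter *f, unsigned int arch, int nr)
{
    unsigned int acc = 0;
    for (size_t pc = 0; pc < f->len; pc++) {
        const struct sock_filter *i = &f->insns[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (i->k == offsetof(struct seccomp_data, arch)) ? arch : (unsigned int)nr;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == i->k) ? i->jt : i->jf;   /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return i->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;       /* unknown opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;               /* fell off the end: fail closed */
}

int filter_allows(const struct filter *f, int nr) { return run_filter(f, SANDBOX_ARCH, nr) == SECCOMP_RET_ALLOW; }

/* Stacked filters: a syscall survives only if every installed filter allows it. */
int stacked_allows(const struct filter *a, const struct filter *b, int nr)
{
    return filter_allows(a, nr) && filter_allows(b, nr);
}

/* Install for the calling thread.  NO_NEW_PRIVS is mandatory without
 * CAP_SYS_ADMIN; a multi-threaded process should use seccomp(2) with
 * SECCOMP_FILTER_FLAG_TSYNC instead so every thread is covered. */
int install_filter(const struct filter *f)
{
    struct sock_fprog prog = { .len = f->len, .filter = (struct sock_filter *)f->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    struct filter setup, guest;
    build_setup_filter(&setup);
    build_guest_filter(&guest);
    printf("chroot during setup: %s\n", filter_allows(&setup, SYS_chroot) ? "allowed" : "killed");
    printf("chroot after guest start: %s\n", stacked_allows(&setup, &guest, SYS_chroot) ? "allowed" : "killed");
    printf("read after guest start: %s\n", stacked_allows(&setup, &guest, SYS_read) ? "allowed" : "killed");
    return 0;
}
```

main() only simulates; to use the two stages for real, call install_filter(&setup) before the chroot()/setgroups()/setgid()/setuid() sequence and install_filter(&guest) immediately before the guest starts. Do not expect this particular process to survive that: the lists above are deliberately tiny, and even printf() to stdout needs fstat/brk and friends on first use, which is the practical reason the thread talks about starting from a bigger whitelist and tightening it. Real allow-lists are derived by tracing the program, and libseccomp's seccomp_rule_add() also performs the arch check that the hand-rolled filter does at its top.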