A previous commit, "seccomp: add the asynchronous I/O syscalls to the
whitelist", added several asynchronous I/O syscalls but left out the
io_submit() and io_cancel() syscalls. This patch corrects this by
adding the two missing asynchronous I/O syscalls.
Signed-off-by: Paul Moore
It appears that even a very simple /etc/qemu-ifup configuration can
require the arch_prctl() syscall, see the example below:
#!/bin/sh
/sbin/ifconfig $1 0.0.0.0 up
/usr/sbin/brctl addif $1
Signed-off-by: Paul Moore
---
qemu-seccomp.c |3 ++-
1 file changed, 2
ave such a tool the moment - it's
hard enough generating correct filters with a nice architecture agnostic
manner :)
On the plus side, I think libseccomp is very close to being pretty much
feature complete (excluding new architectures that may pop up, at present we
are only x86, x86_64
On Thursday, July 18, 2013 08:48:10 PM Peter Maydell wrote:
> On 18 July 2013 20:39, Paul Moore wrote:
> > On the plus side, I think libseccomp is very close to being pretty much
> > feature complete (excluding new architectures that may pop up, at present
> > we are only
On Thursday, July 18, 2013 10:31:46 PM Peter Maydell wrote:
> On 18 July 2013 21:05, Paul Moore wrote:
> > On Thursday, July 18, 2013 08:48:10 PM Peter Maydell wrote:
> >> On 18 July 2013 20:39, Paul Moore wrote:
> >> > On the plus side, I think libseccomp is v
On Monday, July 15, 2013 03:32:01 PM Paul Moore wrote:
> A previous commit, "seccomp: add the asynchronous I/O syscalls to the
> whitelist", added several asynchronous I/O syscalls but left out the
> io_submit() and io_cancel() syscalls. This patch corrects this by
>
On Thursday, July 18, 2013 09:57:03 AM Paul Moore wrote:
> It appears that even a very simple /etc/qemu-ifup configuration can
> require the arch_prctl() syscall, see the example below:
>
> #!/bin/sh
> /sbin/ifconfig $1 0.0.0.0 up
> /usr/sbin/brctl addif $1
explaining that that VNC password
auth is not allowed in FIPS mode.
Signed-off-by: Paul Moore
---
qemu-doc.texi |8 +---
ui/vnc.c | 32
ui/vnc.h |1 +
3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/qemu-doc.texi b/qemu-doc.texi
On Wednesday, May 02, 2012 12:54:21 AM Andreas Färber wrote:
> Am 01.05.2012 23:20, schrieb Paul Moore:
> > FIPS 140-2 requires disabling certain ciphers, including DES, which is
> > used
> > by VNC to obscure passwords when they are sent over the network. The
> > so
On Wednesday, May 02, 2012 10:18:50 AM Daniel P. Berrange wrote:
> On Tue, May 01, 2012 at 05:20:40PM -0400, Paul Moore wrote:
> > diff --git a/ui/vnc.c b/ui/vnc.c
> > index deb9ecd..620791e 100644
> > --- a/ui/vnc.c
> > +++ b/ui/vnc.c
> > @@ -32,6 +32,7 @@
> &g
explaining that VNC password auth is
not allowed in FIPS mode.
Signed-off-by: Paul Moore
--
Changelog
* v2
- Protected syslog with _WIN32
- Protected the guts of fips_enabled() with __linux__
- Converted fips_enabled() and the fips flag from int to bool
*v1
- Initial draft
---
qemu-doc.texi |8
On Thursday, May 03, 2012 09:29:15 AM Daniel P. Berrange wrote:
> On Wed, May 02, 2012 at 03:32:56PM -0400, Paul Moore wrote:
> > static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
> > {
> > #ifdef _VNC_DEBUG
> >
> > @@ -2748,6 +2772,14 @@ void
On Thursday, May 03, 2012 04:54:42 PM Alexander Graf wrote:
> On 02.05.2012, at 21:32, Paul Moore wrote:
> > FIPS 140-2 requires disabling certain ciphers, including DES, which is
> > used
> > by VNC to obscure passwords when they are sent over the network. The
> > so
at 11:01:29AM +0200, Alexander Graf wrote:
> >>>> On 03.05.2012, at 10:57, Daniel P. Berrange wrote:
> >>>>> On Thu, May 03, 2012 at 10:51:15AM +0200, Alexander Graf wrote:
> >>>>>> On 03.05.2012, at 10:29, Daniel P. Berrange wrote:
> >>>
syslog entry and a message to stderr when
the host system is running in FIPS mode and a VNC password was specified on
the commend line. If the system is not running in FIPS mode, or is running
in FIPS mode but VNC password authentication was not requested, qemu
operates normally.
Signed-off-by: Paul
> vs->fips = FIPS_mode();
> #endif
>
> and skip fips_enabled(void).
>
> Much easier!
If QEMU's VNC implementation used OpenSSL's DES cipher for the password
encryption I would agree with you, but QEMU uses its own implementation
(ui/d3des.*) and because of this I think it makes the most sense to check the
kernel setting directly.
--
paul moore
security and virtualization @ redhat
On Friday, May 04, 2012 09:54:17 AM Daniel P. Berrange wrote:
> On Thu, May 03, 2012 at 05:00:45PM -0400, Paul Moore wrote:
> > FIPS 140-2 requires disabling certain ciphers, including DES, which is
> > used
> > by VNC to obscure passwords when they are sent over the network.
ull request?
>
> Paolo
Out of respect for the work that Eduardo has done, and is continuing to do,
with the QEMU seccomp filtering, I think Eduardo should be the one to take on
this role. If Eduardo declines I'll do ahead and submit a patch adding myself
to the MAINTAINERS file.
>
f it makes more sense to the
QEMU devs you can always add me as a co-maintainer.
Regardless, I do plan on continuing to review/test patches and I don't expect
that to change in the near future.
> Please wait for Anthony's ack. I changed the subject and CCed him to
> grab his attention.
>
> Paolo
--
paul moore
security and virtualization @ redhat
the MAINTAINERS
> file so I can take care of the sandbox feature in Qemu.
>
> MAINTAINERS |6 ++
> 1 files changed, 6 insertions(+), 0 deletions(-)
Acked-by: Paul Moore
> diff --git a/MAINTAINERS b/MAINTAINERS
> index d128ed0..09c5148 100644
> --- a/MAINTAINERS
&
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> > This was causing Qemu process to hang when using -sandbox on.
> >
> > Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
&
hings which require privileges
> seccomp is blocking, then libvirt should avoid using them. eg by making
> use of FD passing where appropriate to reduce privileges qemu needs.
I agree.
--
paul moore
security and virtualization @ redhat
On Wednesday, September 18, 2013 04:59:10 PM Daniel P. Berrange wrote:
> On Wed, Sep 18, 2013 at 11:53:09AM -0400, Paul Moore wrote:
> > On Wednesday, September 18, 2013 08:38:17 AM Daniel P. Berrange wrote:
> > > Libvirt does not want to be in the business of creati
emu-devel
is not interested in, what about libvirt-lxc? What about all of the other
virtualization drivers supported by libvirt (granted, not all would be
candidates for syscall filtering, but you get the idea).
--
paul moore
security and virtualization @ redhat
On Wednesday, September 18, 2013 05:32:17 PM Daniel P. Berrange wrote:
> On Wed, Sep 18, 2013 at 12:19:44PM -0400, Paul Moore wrote:
> > On Wednesday, September 18, 2013 04:59:10 PM Daniel P. Berrange wrote:
> > > On Wed, Sep 18, 2013 at 11:53:09AM -0400, Paul Moore wrote:
&g
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> > This was causing Qemu process to hang when using -sandbox on.
> >
> > Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
&
available in the git repository at:
>
> git://github.com/otubo/qemu.git seccomp
>
> Eduardo Otubo (1):
> seccomp: fine tuning whitelist by adding times()
>
> qemu-seccomp.c |1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
Just a follow-up ping to
rently working on a prototype to play around with some of the
ideas discussed in this thread. As soon as it is functional I'll send a
pointer/patches/etc. to the list.
--
paul moore
virtualization @ redhat
ferent hardware assisted
virtualization platforms/CPUs?
2. What is the additional performance overhead for nested virtualization?
Generalizations are okay, I'm just trying to get a basic understanding.
3. What, if any, management concerns are there with nested virtualization?
--
paul moore
virtualization @ redhat
been
> implemented, through I don't know if it's been merged, or had any serious
> performance tuning. My main intent was to raise this as a potentially
> viable alternative. Someone who actually cares about the answer can figure
> out the details and cobble together some benchmarks :-)
Well, if we see no answers and see no interest it probably isn't a viable
alternative as no interest typically means no code.
--
paul moore
virtualization @ redhat
t a
> > viable alternative as no interest typically means no code.
>
> You're using circular logic. Based on that theory your proposal isn't
> viable either. If it was someone would have done it laready!
Did you miss the part where we are working on a prototype? To me that signals
interest and code.
--
paul moore
virtualization @ redhat
ame opinions and interests.
--
paul moore
virtualization @ redhat
On Wednesday, December 14, 2011 11:15:58 AM Serge E. Hallyn wrote:
> Quoting Paul Moore (pmo...@redhat.com):
> > On Wednesday, December 07, 2011 12:48:16 PM Anthony Liguori wrote:
> > > On 12/07/2011 12:25 PM, Corey Bryant wrote:
> > > > A group of us are starting to
On Thursday, December 15, 2011 09:14:11 AM Serge Hallyn wrote:
> Quoting Corey Bryant (cor...@linux.vnet.ibm.com):
> > On 12/14/2011 06:56 PM, Paul Moore wrote:
> > >On Wednesday, December 14, 2011 11:15:58 AM Serge E. Hallyn wrote:
> > >>Hey Paul,
> > &g
ermitted instead ?
> The latter is what I see gtk2 source code passing for mode.
It wouldn't match the rule as written above, if it doesn't match any other
configured rules it would hit the default filter action.
--
paul moore
security @ redhat
On Friday, June 08, 2012 05:38:12 PM Paul Moore wrote:
> FIPS 140-2 requires disabling certain ciphers, including DES, which is used
> by VNC to obscure passwords when they are sent over the network. The
> solution for FIPS users is to disable the use of VNC password auth when the
>
On Tuesday, July 31, 2012 09:12:57 PM Daniel P. Berrange wrote:
> On Tue, Jul 31, 2012 at 02:52:07PM -0500, Anthony Liguori wrote:
> > Paul Moore writes:
> > > On Friday, June 08, 2012 05:38:12 PM Paul Moore wrote:
> > >> FIPS 140-2 requires disabling certain ci
cation was not requested, QEMU operates normally.
Signed-off-by: Paul Moore
--
Changelog
* v5
- Added the '-enable-fips' command line option
* v4
- Removed the use of syslog
* v3
- Use fgetc() instead of fgets() in fips_enabled
- Only emit a syslog message if the caller tries to u
I'm currently running into a problem when running recent Linux kernels as a
guest under QEMU with KQEMU kernel acceleration. My problem is that early in
the boot process the guest kernel panics, the host OS appears to be
unaffected. The panic can be different depending on the guest Linux
dist
I'm currently running into a problem when running recent Linux kernels as a
guest under QEMU with KQEMU kernel acceleration. My problem is that early in
the boot process the guest kernel panics, the host OS appears to be
unaffected. The panic can be different depending on the guest Linux
dist
101 - 140 of 140 matches
Mail list logo
