[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 00/24] Provide some actual restriction of qemu

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Mon, 9 Oct 2017 16:57:02 +0100
Cc: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>
Delivery-date: Mon, 09 Oct 2017 15:57:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

With this series, it is possible to run qemu in a way that I think
really does not have global privilege any more.

I have verified that it runs as a non-root user.  I have checked all
of its fds and they are either privcmd (which I have arranged to
neuter), or /dev/null, or harmless sockets and pipes, or evtchn.

Unfortunately this needs a new "xentoolcore" library, which all the
existing libraries register with so that the restrict call is
effective.

Also there are a number of lacunae.  See the documentation patches.

The series depends for its functionality on the corresponding qemu
series.

 a  01/26] xen: Provide XEN_DMOP_remote_shutdown
 a  02/26] xen: x86 dm_op: add missing newline before
 a  03/26] tools: libxendevicemodel: Provide
 a* 04/26] xentoolcore, _restrict_all: Introduce new library and
 a  05/26] xentoolcore: Link into stubdoms
  + 06/26] xentoolcore: Link into minios (update
 a  07/26] tools: qemu-xen build: prepare to link against
 a  08/26] libxl: #include "xentoolcore_internal.h"
 a  09/26] tools: move CONTAINER_OF to xentoolcore_internal.h
 a  10/26] xentoolcore_restrict_all: Implement for
 a  11/26] xentoolcore_restrict_all: "Implement" for libxencall
 a  12/26] xentoolcore_restrict: Break out
 a  13/26] xentoolcore_restrict_all: Implement for
 a  14/26] xentoolcore_restrict_all: Declare problems due to no
 a  15/26] xentoolcore_restrict_all: "Implement" for xengnttab
 a  16/26] tools/xenstore: get_handle: use "goto err" error
 a  17/26] tools/xenstore: get_handle: Allocate struct before
 a  18/26] xentoolcore_restrict_all: "Implement" for xenstore
 a  19/26] xentoolcore, _restrict_all: Document implementation
 a  20/26] xl, libxl: Provide dm_restrict
 a  21/26] libxl: Rationalise calculation of user to run qemu as
 a  22/26] libxl: libxl__dm_runas_helper: return pwd
 a  23/26] libxl: userlookup_helper_getpwnam rename and turn into
 a* 24/26] libxl: dm_restrict: Support uid range user
 a  25/26] tools: xentoolcore_restrict_all: use domid_t
  + 26/26] xl: Document VGA problems arising from lack of physmap

 a = acked (or, reviewed, for hypervisor patches)
 * = modified (acks retained since minor changes only)
 + = new in v4 of the series (since the original v3 post)

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 00/24] Provide some actual restriction of qemu
  - From: Ian Jackson
- [Xen-devel] [PATCH 22/26] libxl: libxl__dm_runas_helper: return pwd
  - From: Ian Jackson
- [Xen-devel] [PATCH 26/26] xl: Document VGA problems arising from lack of physmap dmop
  - From: Ian Jackson
- [Xen-devel] [PATCH 24/26] libxl: dm_restrict: Support uid range user
  - From: Ian Jackson
- [Xen-devel] [PATCH 11/26] xentoolcore_restrict_all: "Implement" for libxencall
  - From: Ian Jackson
- [Xen-devel] [PATCH 13/26] xentoolcore_restrict_all: Implement for libxenforeignmemory
  - From: Ian Jackson
- [Xen-devel] [PATCH 20/26] xl, libxl: Provide dm_restrict
  - From: Ian Jackson
- [Xen-devel] [PATCH 04/26] xentoolcore, _restrict_all: Introduce new library and implementation
  - From: Ian Jackson
- [Xen-devel] [PATCH 23/26] libxl: userlookup_helper_getpwnam rename and turn into a macro
  - From: Ian Jackson
- [Xen-devel] [PATCH 25/26] tools: xentoolcore_restrict_all: use domid_t
  - From: Ian Jackson
- [Xen-devel] [PATCH 21/26] libxl: Rationalise calculation of user to run qemu as
  - From: Ian Jackson
- [Xen-devel] [PATCH 18/26] xentoolcore_restrict_all: "Implement" for xenstore
  - From: Ian Jackson
- [Xen-devel] [PATCH 08/26] libxl: #include "xentoolcore_internal.h"
  - From: Ian Jackson
- [Xen-devel] [PATCH 19/26] xentoolcore, _restrict_all: Document implementation "complete"
  - From: Ian Jackson
- [Xen-devel] [PATCH 06/26] xentoolcore: Link into minios (update MINIOS_UPSTREAM_REVISION)
  - From: Ian Jackson
- [Xen-devel] [PATCH 17/26] tools/xenstore: get_handle: Allocate struct before opening fd
  - From: Ian Jackson
- [Xen-devel] [PATCH 15/26] xentoolcore_restrict_all: "Implement" for xengnttab
  - From: Ian Jackson
- [Xen-devel] [PATCH 07/26] tools: qemu-xen build: prepare to link against xentoolcore
  - From: Ian Jackson
- [Xen-devel] [PATCH 16/26] tools/xenstore: get_handle: use "goto err" error handling style
  - From: Ian Jackson
- [Xen-devel] [PATCH 09/26] tools: move CONTAINER_OF to xentoolcore_internal.h
  - From: Ian Jackson
- [Xen-devel] [PATCH 12/26] xentoolcore_restrict: Break out xentoolcore__restrict_by_dup2_null
  - From: Ian Jackson
- [Xen-devel] [PATCH 14/26] xentoolcore_restrict_all: Declare problems due to no evtchn support
  - From: Ian Jackson
- [Xen-devel] [PATCH 01/26] xen: Provide XEN_DMOP_remote_shutdown
  - From: Ian Jackson
- [Xen-devel] [PATCH 05/26] xentoolcore: Link into stubdoms
  - From: Ian Jackson
- [Xen-devel] [PATCH 10/26] xentoolcore_restrict_all: Implement for libxendevicemodel
  - From: Ian Jackson
- [Xen-devel] [PATCH 02/26] xen: x86 dm_op: add missing newline before XEN_DMOP_inject_msi
  - From: Ian Jackson
- [Xen-devel] [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] Windows "heinsenbug" (WAS: Re: Notes Design Session: Making Releases Lessons Learned: Improving Our Release Process and Tooling)
Next by Date: [Xen-devel] [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown
Previous by thread: Re: [Xen-devel] [PATCH 24/24] tools: xentoolcore_restrict_all: use domid_t
Next by thread: [Xen-devel] [PATCH 03/26] tools: libxendevicemodel: Provide xendevicemodel_shutdown
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.