[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [OSSTEST PATCH 17/17] dm restrict audit: Document future plans
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> --- ts-depriv-audit-qemu | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu index 2405b69..81bd5c0 100755 --- a/ts-depriv-audit-qemu +++ b/ts-depriv-audit-qemu @@ -56,6 +56,9 @@ END /usr/local/lib/xen/bin/depriv-fd-checker END stashfilecontents($fish_output,"fish-info-paused.txt"); + + # Ideally we would check other process properties too: + # eg, check that qemu has chrooted; check its uid; etc. } sub packages () { @@ -139,6 +142,19 @@ sub mode_ispaused () { audit_fish(); } +# In the future when migration works, we would like to audit the qemu +# receiving the migration stream. This auditing should be done just +# before the qemu starts reading the stream, as the stream might be +# hostile and might be able to take over the receiving qemu. +# I intend the following approach: +# install wrapper script for qemu, which: +# looks for -incoming fd:%d (libxl_dm.c:1416) +# substitutes a pipe which will cause qemu to block +# waits a fixed time +# maybe checks that qemu is reading that fd somehow +# runs the audit and leaves the output somewhere we can find it +# arranges for the blocking pipe thing to use cat to unblock qemu + compile_data_re(); $modesubproc->(); -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |