[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [OSSTEST PATCH 17/17] dm restrict audit: Document future plans



Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
 ts-depriv-audit-qemu | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu
index 2405b69..81bd5c0 100755
--- a/ts-depriv-audit-qemu
+++ b/ts-depriv-audit-qemu
@@ -56,6 +56,9 @@ END
         /usr/local/lib/xen/bin/depriv-fd-checker
 END
     stashfilecontents($fish_output,"fish-info-paused.txt");
+
+    # Ideally we would check other process properties too:
+    # eg, check that qemu has chrooted; check its uid; etc.
 }
 
 sub packages () {
@@ -139,6 +142,19 @@ sub mode_ispaused () {
     audit_fish();
 }
 
+# In the future when migration works, we would like to audit the qemu
+# receiving the migration stream.  This auditing should be done just
+# before the qemu starts reading the stream, as the stream might be
+# hostile and might be able to take over the receiving qemu.
+# I intend the following approach:
+#    install wrapper script for qemu, which:
+#      looks for  -incoming fd:%d   (libxl_dm.c:1416)
+#       substitutes a pipe which will cause qemu to block
+#       waits a fixed time
+#      maybe checks that qemu is reading that fd somehow
+#      runs the audit and leaves the output somewhere we can find it
+#      arranges for the blocking pipe thing to use cat to unblock qemu
+
 compile_data_re();
 $modesubproc->();
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.