[Xen-devel] [OSSTEST PATCH 17/17] dm restrict audit: Document future plans
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
ts-depriv-audit-qemu | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu
index 2405b69..81bd5c0 100755
--- a/ts-depriv-audit-qemu
+++ b/ts-depriv-audit-qemu
@@ -56,6 +56,9 @@ END
/usr/local/lib/xen/bin/depriv-fd-checker
END
stashfilecontents($fish_output,"fish-info-paused.txt");
+
+ # Ideally we would check other process properties too:
+ # eg, check that qemu has chrooted; check its uid; etc.
}
sub packages () {
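Review bot: The new comment after stashfilecontents() ends in "etc.", which leaves the scope of the missing audit open. Apart from the chroot and the uid, it does not say which process properties still need checking. Listing the properties the deprivileging is expected to establish would let a later implementer know when the audit is complete. Since this describes checks the test does not yet make, a greppable marker such as TODO or XXX on the comment would also make the gap easier to find than "Ideally we would".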
@@ -139,6 +142,19 @@ sub mode_ispaused () {
audit_fish();
}
+# In the future when migration works, we would like to audit the qemu
+# receiving the migration stream. This auditing should be done just
+# before the qemu starts reading the stream, as the stream might be
+# hostile and might be able to take over the receiving qemu.
+# I intend the following approach:
+# install wrapper script for qemu, which:
+# looks for -incoming fd:%d (libxl_dm.c:1416)
+# substitutes a pipe which will cause qemu to block
+# waits a fixed time
+# maybe checks that qemu is reading that fd somehow
+# runs the audit and leaves the output somewhere we can find it
+# arranges for the blocking pipe thing to use cat to unblock qemu
+
compile_data_re();
$modesubproc->();
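Review bot: In the plan comment before compile_data_re(), the "waits a fixed time" step does not guarantee what the first paragraph asks for, namely that the audit runs just before qemu starts reading the stream. A fixed delay can expire before qemu has finished its setup and blocked on the substituted pipe, so the audit could see a process that has not yet dropped its privileges and report a false failure, or it could pass on a slow host only by luck. The following step, "maybe checks that qemu is reading that fd somehow", is the one that provides the guarantee, so I would make it a firm requirement rather than "maybe" and have the wrapper wait on that condition instead of on a timer. Separately, the reference "libxl_dm.c:1416" will go stale as soon as that file changes; naming the function or quoting the "-incoming fd:%d" format string alone would survive edits to libxl.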
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel