
Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing

George Dunlap writes ("Re: [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing"):
> On 09/24/2018 02:04 PM, Ian Jackson wrote:
> > What about capabilities not known to the qemu source code ?
> 
> Hrm -- it looks like the sandboxing stuff is based on a blacklist,
> rather than a whitelist.  Which may be inevitable, given that seccomp2
> operates on system calls but qemu makes library calls (and thus doesn't
> actually know which system calls are needed and which are not -- see [1]).
> But it does rather undermine the usefulness of this as a security
> feature -- there are literally hundreds of system calls available on
> Linux, of which only 50 or so are listed here.

How annoying.

> Luckily `-sandbox` was just one of the "sure why not" layers of extra
> security, not something we rely on.

Right.

> We could add a test to our testing script to parse `-help` output for
> unknown-to-libxl options and throw an error, so that they get added in,
> if we want.

That sounds like a good idea.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
