Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing
George Dunlap writes ("Re: [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing"):
> On 09/24/2018 02:04 PM, Ian Jackson wrote:
> > What about capabilities not known to the qemu source code ?
>
> Hrm -- it looks like the sandboxing stuff is based on a blacklist,
> rather than a whitelist.  Which may be inevitable, given that seccomp2
> operates on system calls but qemu makes library calls (and thus doesn't
> actually know which system calls are needed and which are not -- see [1]).
> But it does rather undermine the usefulness of this as a security
> feature -- there are literally hundreds of system calls available on
> Linux, of which only 50 or so are listed here.

How annoying.

> Luckily `-sandbox` was just one of the "sure why not" layers of extra
> security, not something we rely on.

Right.

> We could add a test to our testing script to parse `-help` output for
> unknown-to-libxl options and throw an error, so that they get added in,
> if we want.

That sounds like a good idea.

Ian.
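The test proposed in the thread, parsing QEMU's `-help` output for options libxl does not know about, could look like the following. This is an added example, not code from the Xen tree or from the patch series; the help text is a constructed sample in the style of `qemu-system-x86_64 -help` (option names start with `-` in column 0, descriptions are indented), and `KNOWN_OPTIONS` is a hypothetical stand-in for whatever list libxl is actually written against.

```python
"""Flag QEMU command-line options that libxl does not know about."""
import re
import subprocess

# Hypothetical allowlist standing in for the options libxl knows (assumption).
KNOWN_OPTIONS = {"-h", "-help", "-machine", "-name", "-sandbox", "-chardev",
                 "-nodefaults"}

# Constructed sample in the layout of `qemu-system-x86_64 -help`; not real output.
SAMPLE_HELP = """\
QEMU emulator version 3.0.0
usage: qemu-system-x86_64 [options] [disk_image]

Standard options:
-h or -help     display this help and exit
-machine [type=]name[,prop[=value][,...]]
                selects emulated machine ('-machine help' for list)
-name string1[,process=string2][,debug-threads=on|off]
                set the name of the guest
-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]
                Enable seccomp mode 2 system call filter (default 'off').
-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]
-add-fd fd=fd,set=set[,opaque=opaque]
                Add 'fd' to fd 'set'
"""

# An option name is a '-' at the start of a line followed by a word.
OPTION_RE = re.compile(r"^(-[A-Za-z][\w-]*)")


def parse_help_options(help_text):
    """Return the set of option names QEMU advertises in its -help output."""
    return {m.group(1) for m in map(OPTION_RE.match, help_text.splitlines()) if m}


def unknown_options(help_text, known=KNOWN_OPTIONS):
    """Advertised options missing from the allowlist, sorted for stable output."""
    return sorted(parse_help_options(help_text) - known)


def check_qemu(binary="qemu-system-x86_64"):
    """Run the real binary and fail the test script if anything is unknown."""
    out = subprocess.run([binary, "-help"], capture_output=True, text=True,
                         check=False).stdout
    unknown = unknown_options(out)
    if unknown:
        raise SystemExit("unknown-to-libxl QEMU options: " + ", ".join(unknown))


if __name__ == "__main__":
    print(unknown_options(SAMPLE_HELP))  # ['-add-fd']
```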