My apologies, I forgot to add the v3 into the PATCH tag.

On Thu, Jun 21, 2012 at 07:10:36PM -0300, Eduardo Otubo wrote:
> Hello all,
>
> This is the third effort to sandbox Qemu guests using Libseccomp[0]. The
> patches that follow are pretty simple and straightforward. I added the
> correct options and checks to the configure script and the basic calls to
> libseccomp in the main loop at vl.c. Details of each one are in the emails
> of the patch set.
>
> v2: The code is now separated into the files qemu-seccomp.c and qemu-seccomp.h
> for a cleaner implementation.
>
> This support limits the system call footprint of the entire QEMU process to a
> limited set of syscalls, those that we know QEMU uses. The idea is to limit
> the allowable syscalls, therefore limiting the impact that an attacked guest
> could have on the host system.
>
> It's important to note that libseccomp itself needs the seccomp mode 2
> feature in the kernel, which is pretty close to getting into mainline since
> it has already been accepted into the linux-next branch[1].
>
> v2: I also tested with the 3.5-rc1 kernel, which is the one with seccomp mode 2
> support. Everything went fine.
>
> v3: As we discussed in previous emails on this very mailing list, this feature
> is not supposed to replace existing security features, but to add another
> layer to the whole. The whitelist should contain all the syscalls QEMU needs,
> so its execution won't be affected, just safer. And as stated by Will Drewry's
> commit message[1]: "Filter programs will be inherited across fork/clone and
> execve.", the same whitelist should be passed along from the father process to
> the child, so execve() shouldn't be a problem.
>
> As always, comments are more than welcome.
>
> Regards,
>
> [0] - Now you don't need to git clone anymore, you can download the first
> release - http://sourceforge.net/projects/libseccomp/
> [1] - http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
>
>
> Eduardo Otubo (2):
>   Adding support for libseccomp in configure and Makefile
>   Creating qemu-seccomp.[ch] and adding call to vl.c
>
>  Makefile.objs  |  4 +++
>  configure      | 23 +++++++++++++++
>  qemu-seccomp.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  qemu-seccomp.h | 23 +++++++++++++++
>  vl.c           | 11 +++++++
>  5 files changed, 149 insertions(+)
>  create mode 100644 qemu-seccomp.c
>  create mode 100644 qemu-seccomp.h
>
> --
> 1.7.9.5
>
--
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885
eot...@linux.vnet.ibm.com