[libvirt] [RFC PATCH 0/2] qemu: deny privilege elevation and spawn in seccomp

Ján Tomko posted 2 patches 5 years, 12 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1522526710.git.jtomko@redhat.com
Test syntax-check failed
QEMU changed the behavior of -sandbox on since 2.11 and it no longer
whitelists all the possible calls.

Override the meaning of seccomp_sandbox = 1 in qemu.conf
to block the privilege elevation set and spawn set on top of the
default.
Do the same by default even if no option is specified, hoping
that this should be enough for everybody (TM)

Sending as RFC to ask whether:
* this is a sensible default
* a coarse setting like this is enough
  or it makes sense to expose the individual sets in qemu.conf
  (in that case - can I reasonably promote an int setting to a list of strings?)

Ján Tomko (2):
  Introduce QEMU_CAPS_SECCOMP_BLACKLIST
  qemu: deny privilege elevation and spawn in seccomp

 src/qemu/qemu_capabilities.c                       |  2 ++
 src/qemu/qemu_capabilities.h                       |  1 +
 src/qemu/qemu_command.c                            | 10 +++++--
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  1 +
 tests/qemuxml2argvdata/minimal-sandbox.args        | 25 ++++++++++++++++
 tests/qemuxml2argvdata/minimal-sandbox.xml         | 34 ++++++++++++++++++++++
 tests/qemuxml2argvtest.c                           |  3 ++
 11 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/minimal-sandbox.args
 create mode 100644 tests/qemuxml2argvdata/minimal-sandbox.xml

-- 
2.13.6
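To make the policy in the cover letter concrete, here is an added example (not code from the libvirt patch series) that builds QEMU's -sandbox argument from the qemu.conf setting and the probed capabilities. The capability bit names, the -1 encoding for an unset seccomp_sandbox, and the choice to pass no flag at all on a QEMU without the new deny sets are assumptions made for this illustration; the option names elevateprivileges=deny and spawn=deny are QEMU's own -sandbox syntax.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed stand-ins for the two libvirt capability bits involved
 * (hypothetical names modelled on QEMU_CAPS_SECCOMP_SANDBOX and the
 * QEMU_CAPS_SECCOMP_BLACKLIST introduced by patch 1/2). */
enum { CAP_SECCOMP_SANDBOX = 1 << 0, CAP_SECCOMP_BLACKLIST = 1 << 1 };

/* The two sets the RFC denies on top of QEMU's default -sandbox on. */
#define EXTRA_DENY ",elevateprivileges=deny,spawn=deny"

/* Build the value of QEMU's -sandbox argument.
 * seccomp_sandbox: qemu.conf value; -1 = not set (assumed encoding),
 *                  0 = off, 1 = on.
 * caps:            capability bits probed from the QEMU binary.
 * Returns the argument string, "" when no -sandbox flag should be
 * passed, or NULL when the admin asked for a sandbox but QEMU cannot
 * provide one; the caller must treat NULL as a hard error instead of
 * silently starting the guest unsandboxed. */
const char *sandbox_arg(int seccomp_sandbox, unsigned caps)
{
    bool have_sandbox = caps & CAP_SECCOMP_SANDBOX;
    bool have_blacklist = caps & CAP_SECCOMP_BLACKLIST;

    if (seccomp_sandbox == 0)
        return have_sandbox ? "off" : "";
    if (seccomp_sandbox > 0) {
        if (!have_sandbox)
            return NULL;
        /* seccomp_sandbox = 1 now means "on plus the deny sets" on a
         * QEMU >= 2.11 whose plain "on" is no longer a full whitelist. */
        return have_blacklist ? "on" EXTRA_DENY : "on";
    }
    /* Unset: apply the deny sets by default where QEMU supports them;
     * on older QEMU keep the previous behaviour of passing no flag. */
    return have_blacklist ? "on" EXTRA_DENY : "";
}

int main(void)
{
    const int settings[] = { -1, 0, 1 };
    const unsigned capsets[] = { 0, CAP_SECCOMP_SANDBOX,
                                 CAP_SECCOMP_SANDBOX | CAP_SECCOMP_BLACKLIST };
    for (size_t i = 0; i < 3; i++)
        for (size_t j = 0; j < 3; j++) {
            const char *arg = sandbox_arg(settings[i], capsets[j]);
            printf("seccomp_sandbox=%2d caps=%u -> %s\n", settings[i],
                   capsets[j], arg ? (*arg ? arg : "(no flag)") : "ERROR");
        }
    return 0;
}
```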

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list