[PATCH 0/2] virtiofsd: add net and pid namespace sandboxing

Stefan Hajnoczi posted 2 patches 4 years, 6 months ago
These patches are based on gitlab.com/virtio-fs/qemu.git virtio-fs-dev.

virtiofsd is sandboxed so that it does not have access to the system in the
event that the process is compromised.  At the moment we use seccomp and mount
namespaces to restrict the list of allowed syscalls and only give access to the
shared directory.

This patch series enhances sandboxing by putting virtiofsd into an empty
network and pid namespace.  If the process is compromised it will be unable to
perform network activity, even to localhost services running on the host.  It
will also be unable to see other processes running on the system since it runs
as pid 1 in a new pid namespace.

These enhancements are inspired by the Crosvm virtio-fs device's jail
configuration.

Stefan Hajnoczi (2):
  virtiofsd: move to an empty network namespace
  virtiofsd: move to a new pid namespace

 contrib/virtiofsd/passthrough_ll.c | 109 +++++++++++++++++++++++------
 1 file changed, 86 insertions(+), 23 deletions(-)

-- 
2.21.0