[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the secc
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox |
Date: |
Fri, 2 Oct 2015 09:30:47 +0100 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
> "Namsun Ch'o" <address@hidden> writes:
>
> > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which
> > are
> > needed for -runas to work. It also doesn't whitelist chroot, which is needed
> > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> > privileges or chroots, so without these whitelisted, -runas and -chroot
> > cause
> > QEMU to be killed with -sandbox on. This patch adds those syscalls.
>
> Should it enable seccomp a bit later?
Yeah, I think it would be better to move the seccomp enablement later.
Adding setuid and chroot to the allow list is pretty strongly undesirable
from a security protection POV.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox, Eduardo Otubo, 2015/10/09