[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC] Device sandboxing

From: Paul Moore
Subject: Re: [Qemu-devel] [RFC] Device sandboxing
Date: Wed, 14 Dec 2011 18:56:40 -0500
User-agent: KMail/4.7.4 (Linux/3.0.13-gentoo; KDE/4.7.4; x86_64; ; )

On Wednesday, December 14, 2011 11:15:58 AM Serge E. Hallyn wrote:
> Quoting Paul Moore (address@hidden):
> > On Wednesday, December 07, 2011 12:48:16 PM Anthony Liguori wrote:
> > > On 12/07/2011 12:25 PM, Corey Bryant wrote:
> > > > A group of us are starting to work on sandboxing QEMU device
> > > > emulation code. We're just getting started investigating
> > > > various approaches, and want to engage the community to gather
> > > > input.
> > > 
> > > > Following are the design points that we are currently considering:
> > > To be perfectly honest, I think prototyping and measuring
> > > performance is going to be the only way to figure out the right
> > > approach here.> 
> > Agreed.  I'm currently working on a prototype to play around with some
> > of the ideas discussed in this thread.  As soon as it is functional
> > I'll send a pointer/patches/etc. to the list.
> Hey Paul,
> just wondering, exactly which approache(s) are you prototyping?  Are you
> touching seccomp2?

The decomposed approach as I felt (well, still do for that matter) that the 
enhanced seccomp stuff could be put to even better use in a decomposed mode of 

However, earlier this week those of us involved in this effort were strongly 
discouraged (this probably isn't the best term to use, but there is a reason 
I'm a programmer and not an english student) from pursuing the decomposed 
prototype further so work on it has dropped off considerably.

I still think it is worth pursuing, if for no other reason than to answer 
questions that right now we can only answer with educated guesses, but it is 
no longer my main focus.  If anyone else is interested in this feel free to 
drop me some email and I can bring you up to speed on the current status.

As far as the enhanced seccomp patches for QEMU, I believe Corey said that IBM 
was starting work on a prototype based on the patches that Will posted earlier 
this year.  I don't expect this change to be very substantial, the hard part 
will be determining the syscall filter and maintaining it over time.

paul moore
virtualization @ redhat

reply via email to

[Prev in Thread] Current Thread [Next in Thread]