From: Corey Bryant
Subject: Re: [Qemu-devel] [RFC] Continuous work on sandboxing
Date: Mon, 29 Apr 2013 17:52:10 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130402 Thunderbird/17.0.5

On 04/26/2013 05:07 PM, Paul Moore wrote:
> [snip]
>
>> 3. Debugging and/or learning mode - third party libraries still have the
>> problem of interfering in the Qemu's signal mask. According to some
>> previous discussions, perhaps patch all external libraries that mess up
>> with this mask (spice, for example) is a way to solve it. But not sure
>> if it is worth the time spent. Would like to hear you guys.
>
> I think patching all the libraries is a losing battle, I think we need to pursue alternate debugging techniques.
>
> --
> paul moore
> security and virtualization @ redhat

I agree. It would be nice to have some sort of learning mode that reported all denied syscalls on a single run, but signal handlers don't seem like the right way. Maybe we could improve on this approach, since it never gained traction: https://lkml.org/lkml/2013/1/7/313
At least we can get a single denied syscall at a time today via the audit log that the kernel issues. Eduardo, you may want to see if there's a good place to document that for QEMU so that people know where to look.

--
Regards,
Corey Bryant
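
Added example, not part of the original message or of QEMU: because the audit log yields only one denied syscall per killed run, a small script can collect the `type=SECCOMP` records from several runs into one list of syscalls the filter is missing. The sample records, the `qemu-kvm` process name and the short syscall-name table are constructed assumptions modelled on the kernel's seccomp audit record layout.

```python
import re
from collections import Counter

# Constructed sample records in the kernel's type=SECCOMP audit layout
# (not taken from the thread); pids, addresses and timestamps are made up.
SAMPLE_LOG = """\
type=SECCOMP msg=audit(1367272330.101:411): auid=4294967295 uid=107 gid=107 ses=4294967295 pid=2214 comm="qemu-kvm" sig=31 syscall=56 compat=0 ip=0x7f3c2a1b4e9d code=0x0
type=SYSCALL msg=audit(1367272331.007:412): arch=c000003e syscall=2 success=yes exit=3 pid=2301 comm="cat"
type=SECCOMP msg=audit(1367272391.552:430): auid=4294967295 uid=107 gid=107 ses=4294967295 pid=2377 comm="qemu-kvm" sig=31 syscall=101 compat=0 ip=0x7f81c03a77aa code=0x0
type=SECCOMP msg=audit(1367272455.918:447): auid=4294967295 uid=107 gid=107 ses=4294967295 pid=2440 comm="qemu-kvm" sig=31 syscall=56 compat=0 ip=0x7f0b9d5c1e9d code=0x0
"""

# Small x86_64 subset for readability; unknown numbers are reported as-is.
X86_64_NAMES = {2: "open", 41: "socket", 56: "clone", 59: "execve", 101: "ptrace"}

# key=value pairs, where the value is either quoted or a run of non-spaces.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp(line):
    """Return the fields of a type=SECCOMP record as a dict, else None."""
    if not line.startswith("type=SECCOMP "):
        return None
    rec = {key: value.strip('"') for key, value in FIELD.findall(line)}
    if not rec.get("syscall", "").isdigit():
        return None  # malformed or truncated record
    return rec


def denied_syscalls(log_text, comm_prefix="qemu"):
    """Count denied syscalls per (comm, syscall name) across all runs."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_seccomp(line)
        if rec is None or not rec.get("comm", "").startswith(comm_prefix):
            continue
        nr = int(rec["syscall"])
        counts[(rec["comm"], X86_64_NAMES.get(nr, f"syscall_{nr}"))] += 1
    return counts


if __name__ == "__main__":
    for (comm, name), n in sorted(denied_syscalls(SAMPLE_LOG).items()):
        print(f"{comm}: {name} denied {n} time(s)")
```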