qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot tothe secco


From: Namsun Ch'o
Subject: Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot tothe seccomp sandbox
Date: Mon, 5 Oct 2015 18:58:12 -0400

> Drawback: complexity.  If we decide to limit ourselves to the original
> threat model (rogue guest), and enter the sandbox only after setup, we
> can keep things simpler.

We could do both without much complexity. This looks simple enough to me:

  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chroot), 1,
        SCMP_A0(SCMP_CMP_EQ, chroot_dir));
  if (rc < 0)
        goto seccomp_return;

  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chdir), 1,
        SCMP_A0(SCMP_CMP_EQ, "/"));
  if (rc < 0)
        goto seccomp_return;

The only time chroot_dir is ever used is in os-posix.c:139:

  if (chroot(chroot_dir) < 0) {



reply via email to

[Prev in Thread] Current Thread [Next in Thread]