Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blac

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blac

From:	Eduardo Otubo
Subject:	Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist
Date:	Fri, 11 Aug 2017 11:51:12 +0200
User-agent:	Mutt/1.8.3+47 (5f034395e53d) (2017-05-23)

On Thu, Aug 03, 2017 at 06:54:15PM +0200, Thomas Huth wrote:
> On 28.07.2017 14:10, Eduardo Otubo wrote:
> > This patch changes the default behavior of the seccomp filter from
> > whitelist to blacklist. By default now all system calls are allowed and
> > a small black list of definitely forbidden ones was created.
> > 
> > Signed-off-by: Eduardo Otubo <address@hidden>
> > ---
> >  qemu-seccomp.c | 256 
> > +++++++--------------------------------------------------
> >  vl.c           |   5 +-
> >  2 files changed, 32 insertions(+), 229 deletions(-)
> > 
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index df75d9c471..f8877b07b5 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -31,229 +31,29 @@ struct QemuSeccompSyscall {
> >      uint8_t priority;
> >  };
> [...]
> > +static const struct QemuSeccompSyscall blacklist[] = {
> > +    { SCMP_SYS(reboot), 255 },
> > +    { SCMP_SYS(swapon), 255 },
> > +    { SCMP_SYS(swapoff), 255 },
> > +    { SCMP_SYS(syslog), 255 },
> > +    { SCMP_SYS(mount), 255 },
> > +    { SCMP_SYS(umount), 255 },
> > +    { SCMP_SYS(kexec_load), 255 },
> > +    { SCMP_SYS(afs_syscall), 255 },
> > +    { SCMP_SYS(break), 255 },
> > +    { SCMP_SYS(ftime), 255 },
> > +    { SCMP_SYS(getpmsg), 255 },
> > +    { SCMP_SYS(gtty), 255 },
> > +    { SCMP_SYS(lock), 255 },
> > +    { SCMP_SYS(mpx), 255 },
> > +    { SCMP_SYS(prof), 255 },
> > +    { SCMP_SYS(profil), 255 },
> > +    { SCMP_SYS(putpmsg), 255 },
> > +    { SCMP_SYS(security), 255 },
> > +    { SCMP_SYS(stty), 255 },
> > +    { SCMP_SYS(tuxcall), 255 },
> > +    { SCMP_SYS(ulimit), 255 },
> > +    { SCMP_SYS(vserver), 255 },
> >  };
> 
> Does it makes sense to still keep the priority field? Everything is now
> marked with the value 255 and I currently fail to see the point of
> priorities when using blacklisting ... so maybe just get rid of it?

I think that's a fair point here. Don't see much of a point on such a
small number of syscalls. I just need to double check the libseccomp
docs if I can build the list without any priority information, but I'm
pretty sure I've seen this before.

-- 
Eduardo Otubo
Senior Software Engineer @ RedHat

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist, Daniel P. Berrange, 2017/08/02
- Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist, Thomas Huth, 2017/08/03
  - Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist, Eduardo Otubo <=
    - Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist, Daniel P. Berrange, 2017/08/11

Prev by Date: Re: [Qemu-devel] [PATCH v2 for-2.11 0/2] Improvements for the pxe tester
Next by Date: [Qemu-devel] [PATCH for-2.10? v2 0/2] block: Do OFD lock check at runtime
Previous by thread: Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist
Next by thread: Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist
Index(es):
- Date
- Thread