[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blac
From: |
Eduardo Otubo |
Subject: |
Re: [Qemu-devel] [PATCH v3 1/6] seccomp: changing from whitelist to blacklist |
Date: |
Fri, 11 Aug 2017 11:51:12 +0200 |
User-agent: |
Mutt/1.8.3+47 (5f034395e53d) (2017-05-23) |
On Thu, Aug 03, 2017 at 06:54:15PM +0200, Thomas Huth wrote:
> On 28.07.2017 14:10, Eduardo Otubo wrote:
> > This patch changes the default behavior of the seccomp filter from
> > whitelist to blacklist. By default now all system calls are allowed and
> > a small black list of definitely forbidden ones was created.
> >
> > Signed-off-by: Eduardo Otubo <address@hidden>
> > ---
> > qemu-seccomp.c | 256
> > +++++++--------------------------------------------------
> > vl.c | 5 +-
> > 2 files changed, 32 insertions(+), 229 deletions(-)
> >
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index df75d9c471..f8877b07b5 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -31,229 +31,29 @@ struct QemuSeccompSyscall {
> > uint8_t priority;
> > };
> [...]
> > +static const struct QemuSeccompSyscall blacklist[] = {
> > + { SCMP_SYS(reboot), 255 },
> > + { SCMP_SYS(swapon), 255 },
> > + { SCMP_SYS(swapoff), 255 },
> > + { SCMP_SYS(syslog), 255 },
> > + { SCMP_SYS(mount), 255 },
> > + { SCMP_SYS(umount), 255 },
> > + { SCMP_SYS(kexec_load), 255 },
> > + { SCMP_SYS(afs_syscall), 255 },
> > + { SCMP_SYS(break), 255 },
> > + { SCMP_SYS(ftime), 255 },
> > + { SCMP_SYS(getpmsg), 255 },
> > + { SCMP_SYS(gtty), 255 },
> > + { SCMP_SYS(lock), 255 },
> > + { SCMP_SYS(mpx), 255 },
> > + { SCMP_SYS(prof), 255 },
> > + { SCMP_SYS(profil), 255 },
> > + { SCMP_SYS(putpmsg), 255 },
> > + { SCMP_SYS(security), 255 },
> > + { SCMP_SYS(stty), 255 },
> > + { SCMP_SYS(tuxcall), 255 },
> > + { SCMP_SYS(ulimit), 255 },
> > + { SCMP_SYS(vserver), 255 },
> > };
>
> Does it makes sense to still keep the priority field? Everything is now
> marked with the value 255 and I currently fail to see the point of
> priorities when using blacklisting ... so maybe just get rid of it?
I think that's a fair point here. Don't see much of a point on such a
small number of syscalls. I just need to double check the libseccomp
docs if I can build the list without any priority information, but I'm
pretty sure I've seen this before.
--
Eduardo Otubo
Senior Software Engineer @ RedHat