Re: [Qemu-devel] Disabling outgoing connectiong from within guest
From: Johannes Schindelin
Subject: Re: [Qemu-devel] Disabling outgoing connectiong from within guest
Date: Fri, 20 Jun 2008 13:41:46 +0200 (CEST)
User-agent: Alpine 1.00 (LSU 882 2007-12-20)

Hi,

On Thu, 19 Jun 2008, Paul Brook wrote:

> On Wednesday 18 June 2008, Łukasz Taczuk wrote:
>
> > I would like to create a sandboxed environment in which random users
> > would be able to roam freely using ssh. However, I don't want to allow
> > them to open outgoing connections just as if the box was offline (even
> > if the guest is compromised). Basically I would like to have something
> > like reversed user mode network stack: you can log in to the guest,
> > but once you're in, you cannot connect to the host nor any other
> > machine.
>
> Your host OS firewall/packet filter should already be able to do this.
> IMHO there's little or no point reimplementing this functionality in
> qemu.

Except that Lukasz wrote about users in the sandboxed environment, not all
users of the _host_ machine.

So there is obviously a point in implementing this in QEmu, _especially_
when you use a proprietary guest OS which you cannot fully trust.

Lukasz: I have had the need myself, and have some crude code to do that.
If you want to use it as a starting point, and want to develop it into
something really usable, give me a shout and I will send you my patch.

Ciao,
Dscho