[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the secc
From: |
Eduardo Otubo |
Subject: |
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox |
Date: |
Thu, 8 Oct 2015 15:34:12 +0200 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Thu, Oct 01, 2015 at 12=36=05AM -0400, Namsun Ch'o wrote:
> The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> needed for -runas to work. It also doesn't whitelist chroot, which is needed
> for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> privileges or chroots, so without these whitelisted, -runas and -chroot cause
> QEMU to be killed with -sandbox on. This patch adds those syscalls.
>
> Signed-off-by: Namsun Ch'o <address@hidden>
> ---
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index f9de0d3..5cb1809 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -237,7 +237,11 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = {
> { SCMP_SYS(fadvise64), 240 },
> { SCMP_SYS(inotify_init1), 240 },
> { SCMP_SYS(inotify_add_watch), 240 },
> - { SCMP_SYS(mbind), 240 }
> + { SCMP_SYS(mbind), 240 },
> + { SCMP_SYS(setuid), 240 },
> + { SCMP_SYS(setgid), 240 },
> + { SCMP_SYS(chroot), 240 },
> + { SCMP_SYS(setgroups), 240 }
> };
>
> int seccomp_start(void)
Breaking a qemu use case is justification enough to whitelist more
syscalls, but we can come up with a better solution for this (continue
the thread) and tighten up this in the future.
Thanks for your contribution.
Acked-by: Eduardo Otubo <address@hidden>
ps.: the threads are still being broken by your emails and it's a pain
to track down all of them in order to read. Please fix it.
--
Eduardo Otubo
ProfitBricks GmbH
signature.asc
Description: Digital signature
Re: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox,
Eduardo Otubo <=