On Fri, Aug 11, 2017 at 11:51:12AM +0200, Eduardo Otubo wrote: > On Thu, Aug 03, 2017 at 06:54:15PM +0200, Thomas Huth wrote: > > On 28.07.2017 14:10, Eduardo Otubo wrote: > > > This patch changes the default behavior of the seccomp filter from > > > whitelist to blacklist. By default now all system calls are allowed and > > > a small black list of definitely forbidden ones was created. > > > > > > Signed-off-by: Eduardo Otubo <ot...@redhat.com> > > > --- > > > qemu-seccomp.c | 256 > > > +++++++-------------------------------------------------- > > > vl.c | 5 +- > > > 2 files changed, 32 insertions(+), 229 deletions(-) > > > > > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > > > index df75d9c471..f8877b07b5 100644 > > > --- a/qemu-seccomp.c > > > +++ b/qemu-seccomp.c 
> > > @@ -31,229 +31,29 @@ struct QemuSeccompSyscall { > > > uint8_t priority; > > > }; > > [...] > > > +static const struct QemuSeccompSyscall blacklist[] = { > > > + { SCMP_SYS(reboot), 255 }, > > > + { SCMP_SYS(swapon), 255 }, > > > + { SCMP_SYS(swapoff), 255 }, > > > + { SCMP_SYS(syslog), 255 }, > > > + { SCMP_SYS(mount), 255 }, > > > + { SCMP_SYS(umount), 255 }, > > > + { SCMP_SYS(kexec_load), 255 }, > > > + { SCMP_SYS(afs_syscall), 255 }, > > > + { SCMP_SYS(break), 255 }, > > > + { SCMP_SYS(ftime), 255 }, > > > + { SCMP_SYS(getpmsg), 255 }, > > > + { SCMP_SYS(gtty), 255 }, > > > + { SCMP_SYS(lock), 255 }, > > > + { SCMP_SYS(mpx), 255 }, > > > + { SCMP_SYS(prof), 255 }, > > > + { SCMP_SYS(profil), 255 }, > > > + { SCMP_SYS(putpmsg), 255 }, > > > + { SCMP_SYS(security), 255 }, > > > + { SCMP_SYS(stty), 255 }, > > > + { SCMP_SYS(tuxcall), 255 }, > > > + { SCMP_SYS(ulimit), 255 }, > > > + { SCMP_SYS(vserver), 255 }, > > > }; > > > > Does it makes sense to still keep the priority field? Everything is now > > marked with the value 255 and I currently fail to see the point of > > priorities when using blacklisting ... so maybe just get rid of it? > > I think that's a fair point here. Don't see much of a point on such a > small number of syscalls. I just need to double check the libseccomp > docs if I can build the list without any priority information, but I'm > pretty sure I've seen this before.
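Review bot: Every row of the new blacklist[] carries the same priority value 255, so the priority field of struct QemuSeccompSyscall no longer encodes any information; drop the field and pass the constant at the point where the rules are added, or else document in the struct why it is kept. The list itself also needs a comment explaining the selection: alongside reboot, swapon, swapoff, syslog, mount, umount and kexec_load it mixes in a long run of legacy names (afs_syscall, break, ftime, getpmsg, gtty, lock, mpx, prof, profil, putpmsg, security, stty, tuxcall, ulimit, vserver) with no note on whether they were chosen because a guest-facing QEMU has no use for them or for some other reason, and the commit message should state plainly that a default-allow filter with this short deny set gives much weaker containment than the whitelist it replaces.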
Just always pass 255 to libseccomp APIs directly. It's merely redundant to store the value 255 in this QEMU specific struct.

Regards,
Daniel

--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|