On Tue, Oct 23, 2012 at 11:10:58AM -0400, Corey Bryant wrote:
On 10/23/2012 01:55 AM, Eduardo Otubo wrote:
This patch includes a second whitelist right before the main loop. It's
a smaller and more restricted whitelist, excluding execve() among many
others.
v2: * ctx changed
...@redhat.com
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 64329a3..a7b33e2 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -45,6 +45,13 @@ static
This patch includes a second whitelist right before the main loop. It's
a smaller and more restricted whitelist, excluding execve() among many
others.
v2: * ctx changed to main_loop_ctx
* seccomp_on now inside ifdef
* open syscall added to the main_loop whitelist
Signed-off-by: Eduardo
Now the seccomp filter will be set to on even if no argument
-sandbox is given.
v2: nothing new
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 2 +-
vl.c | 38 +++---
2 files changed, 28 insertions(+), 12 deletions(-)
diff --git
, and also to the Qemu options.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
hmp-commands.hx | 4 ++--
net.c | 1 +
net/tap.c | 5 +
qemu-options.hx | 3 ++-
qmp-commands.hx | 3 ++-
5 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/hmp-commands.hx b
Now the seccomp filter will be set to on even if no argument
-sandbox is given.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 2 +-
vl.c | 38 +++---
2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/configure b
This patch includes a second whitelist right before the main loop. It's
a smaller and more restricted whitelist, excluding execve() among many
others.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 94 --
qemu
With the inclusion of the new double whitelist seccomp filter, Qemu
won't be able to execve() at runtime, thus no hotplug net devices are
allowed.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
hmp.c | 6 ++
net.c | 13 +
2 files changed, 19 insertions(+)
diff --git
According to the bug 855162[0] - there is a need to add new syscalls
to the whitelist when using Qemu with Libvirt.
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=855162
Reported-by: Paul Moore pmo...@redhat.com
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c
On Wed, Sep 26, 2012 at 11:14:29AM -0400, Paul Moore wrote:
On Thursday, September 20, 2012 06:00:59 PM Eduardo Otubo wrote:
Seccomp syscall whitelist updated after tests running qemu under
libvirt ...
Hi Eduardo,
I know from our discussions offlist that you have an additional debugging
Anyone interested in taking a look at this piece of code? Thanks!
On Fri, Sep 21, 2012 at 09:40:33AM -0300, Eduardo Otubo wrote:
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Signed-off
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 21 -
1 file changed, 20 insertions(+), 1 deletion
Seccomp syscall whitelist updated after tests running qemu under
libvirt. Reference to the bug -
https://bugzilla.redhat.com/show_bug.cgi?id=855162
Regards,
---
qemu-seccomp.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/qemu-seccomp.c
On Wed, Aug 15, 2012 at 05:44:38PM -0500, Anthony Liguori wrote:
Hi,
I attempted to apply Eduardo's seccomp patches and ran into a number of
problems. In the interest of time, I thought it would be easier for me to fix
them and just respin the series myself.
I've tested this as best I
On Wed, Aug 15, 2012 at 09:22:20AM -0500, anth...@codemonkey.ws wrote:
Hi,
Today is the hard freeze for 1.2. If you have any pull requests and/or
patches targeted for the hard freeze, please send them by 3pm
US/Central time today and clearly mark them for-1.2.
If there are existing
?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch]
Adding seccomp calls to vl.c
Command line support for seccomp with -sandbox
Makefile.objs |6 ++
configure | 22
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |6 ++
configure | 22 ++
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/Makefile.objs b/Makefile.objs
index 5ebbcfa..13db9f3 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -96,6 +96,12
v1:
* Full seccomp calls and data included in vl.c
v2:
* Full seccomp calls and data removed from vl.c and put into separate
qemu-seccomp.[ch] file.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 13 +
1 files changed, 13 insertions(+), 0 deletions(-)
diff
v7:
* New in v7
* The seccomp filter can be switched on and off using the command line
option -sandbox, the default value is off.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-config.c | 13 +
qemu-config.h |1 +
qemu-options.hx | 10 ++
vl.c
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 141
qemu-seccomp.h | 22 +
2 files changed, 163 insertions(+), 0
of the API have changed in this last
release, had to adapt to the new function signatures.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 139
qemu-seccomp.h | 22 +
2 files changed, 161 insertions(+), 0
/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
[3] -
http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (3
On Mon, Aug 06, 2012 at 10:19:40AM -0300, Eduardo Otubo wrote:
On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote:
Eduardo Otubo ot...@linux.vnet.ibm.com writes:
The new 'trap' (debug) mode will capture the illegal system call before
it is executed. The feature
On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote:
Eduardo Otubo ot...@linux.vnet.ibm.com writes:
The new 'trap' (debug) mode will capture the illegal system call before it
is executed. The feature and the implementation are based on Will Drewry's
patch - https://lkml.org
used in configure script.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 31 +++
1 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/vl.c b/vl.c
index 9fea320..808f020 100644
--- a/vl.c
+++ b/vl.c
@@ -62,6 +62,14 @@
#include linux/ppdev.h
sometimes is unpredictable (as stated in man 7 signals). That's why I
deliberately used write() and _exit() functions, and had the
string-to-int helper functions as well.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp-debug.c | 95
=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
[3] -
http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch
options added:
--enable-seccomp-debug
--disable-seccomp-debug
Enabling debug will cause libseccomp to be configured with
SCMP_ACT_TRAP. This will help users/developers to catch system calls
that were not previously whitelisted.
Signed-off-by: Eduardo Otubo ot
On Tue, Jul 17, 2012 at 04:19:11PM -0300, Eduardo Otubo wrote:
Hello all,
This patch is an effort to sandbox Qemu guests using Libseccomp[0]. The
patches that follow are pretty simple and straightforward. I added the
correct options and checks to the configure script and the basic calls
/projects/libseccomp/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
[2] - https://lkml.org/lkml/2012/4/12/457
Eduardo Otubo (4):
Adding support for libseccomp in configure and Makefile
Adding qemu-seccomp.[ch]
Adding
open() and execve() to the whitelis
v4:
* Tests revealed a bigger set of syscalls.
* seccomp_start() now has an argument to set the mode according to the
configure option trap or kill.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 126
used in configure script.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
vl.c | 31 +++
1 file changed, 31 insertions(+)
diff --git a/vl.c b/vl.c
index 46248b9..8dc9432 100644
--- a/vl.c
+++ b/vl.c
@@ -62,6 +62,14 @@
#include linux/ppdev.h
#include linux
My apologies, I forgot to add the v3 into the PATCH tag.
On Thu, Jun 21, 2012 at 07:10:36PM -0300, Eduardo Otubo wrote:
Hello all,
This is the third effort to sandbox Qemu guests using Libseccomp[0]. The
patches that follow are pretty simple and straightforward. I added the
correct
=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure and Makefile
Creating qemu-seccomp.[ch] and adding call to vl.c
Makefile.objs |4 +++
configure | 23 +++
qemu-seccomp.c | 88
() to the whitelis
The whitelist is getting bigger and complete, maybe it's time to drop
the RFC tag.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 88
qemu-seccomp.h | 23 +++
vl.c | 11
-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
Makefile.objs |4
configure | 23 +++
2 files changed, 27 insertions(+)
diff --git a/Makefile.objs b/Makefile.objs
index 74110dd..c0620bf 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -95,6 +95,10 @@ common-obj-y += qemu
=e2cfabdfd075648216f99c2c03821cf3f47c1727
--
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems Technology Group
Mobile: +55 19 8135 0885
eot...@linux.vnet.ibm.com
;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure
Adding basic calls to libseccomp in vl.c
configure | 25 +++
qemu-seccomp.c | 73
qemu-seccomp.h
making the configure script add the specific
line to Makefile.obj in order to compile with appropriate support for seccomp.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 25 +
1 file changed, 25 insertions(+)
diff --git a/configure b/configure
issues
Removed code from vl.c and created qemu-seccomp.[ch]
Now using ARRAY_SIZE macro
Added more syscalls without priority/frequency set yet
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
qemu-seccomp.c | 73
On Fri, May 04, 2012 at 11:59:00PM +0200, Andreas Färber wrote:
Am 04.05.2012 21:08, schrieb Eduardo Otubo:
I added a syscall struct using priority levels as described in the
libseccomp man page. The priority numbers are based on the frequency
they appear in a sample strace from
of vl.c, so that all hairiness can be added as appropriate.
I thought it would be overkill to create a new seccomp.[c|h] just for this
purpose. But yes, we can start thinking about that since the features might
grow in the future.
Thanks for the comments,
Regards
/libseccomp/
[1] -
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727
Eduardo Otubo (2):
Adding support for libseccomp in configure
Adding basic calls to libseccomp in vl.c
configure | 23 ++
vl.c | 81
Adding basic options to the configure script to use libseccomp or not.
The default is set to 'no'. If the flag --enable-libseccomp is used, the
script will check for its existence using pkg-config.
Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
configure | 23
after another. The priority system places the most common rules first
in order to reduce the overhead when processing them.
Also, since this is just a first RFC, the whitelist is a little raw. We might
need your help to improve, test and fine tune the set of system calls.
Signed-off-by: Eduardo