Re: [Qemu-devel] [PATCHv2 3/4] Support for double whitelist filters

2012-10-24 Thread Eduardo Otubo
On Tue, Oct 23, 2012 at 11:10:58AM -0400, Corey Bryant wrote: On 10/23/2012 01:55 AM, Eduardo Otubo wrote: This patch includes a second whitelist right before the main loop. It's a smaller and more restricted whitelist, excluding execve() among many others. v2: * ctx changed

[Qemu-devel] [PATCHv2 1/4] Adding new syscalls (bugzilla 855162)

2012-10-22 Thread Eduardo Otubo
...@redhat.com Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 64329a3..a7b33e2 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -45,6 +45,13 @@ static

[Qemu-devel] [PATCHv2 3/4] Support for double whitelist filters

2012-10-22 Thread Eduardo Otubo
This patch includes a second whitelist right before the main loop. It's a smaller and more restricted whitelist, excluding execve() among many others. v2: * ctx changed to main_loop_ctx * seccomp_on now inside ifdef * open syscall added to the main_loop whitelist Signed-off-by: Eduardo

[Qemu-devel] [PATCHv2 2/4] Setting -sandbox on as default

2012-10-22 Thread Eduardo Otubo
Now the seccomp filter will be set to on even if no argument -sandbox is given. v2: nothing new Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- configure | 2 +- vl.c | 38 +++--- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git

[Qemu-devel] [PATCHv2 4/4] Warning messages on net devices hotplug

2012-10-22 Thread Eduardo Otubo
, and also to the Qemu options. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- hmp-commands.hx | 4 ++-- net.c | 1 + net/tap.c | 5 + qemu-options.hx | 3 ++- qmp-commands.hx | 3 ++- 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/hmp-commands.hx b

[Qemu-devel] [PATCH 2/4] Setting -sandbox on as default

2012-10-17 Thread Eduardo Otubo
Now the seccomp filter will be set to on even if no argument -sandbox is given. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- configure | 2 +- vl.c | 38 +++--- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/configure b

[Qemu-devel] [PATCH 3/4] Support for double whitelist filters

2012-10-17 Thread Eduardo Otubo
This patch includes a second whitelist right before the main loop. It's a smaller and more restricted whitelist, excluding execve() among many others. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 94 -- qemu

[Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug

2012-10-17 Thread Eduardo Otubo
With the inclusion of the new double whitelist seccomp filter, Qemu won't be able to execve() in runtime, thus, no hotplug net devices allowed. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- hmp.c | 6 ++ net.c | 13 + 2 files changed, 19 insertions(+) diff --git

[Qemu-devel] [PATCH 1/4] Adding new syscalls (bugzilla 855162)

2012-10-17 Thread Eduardo Otubo
According to the bug 855162[0] - there's the need of adding new syscalls to the whitelist when using Qemu with Libvirt. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=855162 Reported-by: Paul Moore pmo...@redhat.com Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c

Re: [Qemu-devel] [PATCH] New syscalls to the seccomp whitelist

2012-09-26 Thread Eduardo Otubo
On Wed, Sep 26, 2012 at 11:14:29AM -0400, Paul Moore wrote: On Thursday, September 20, 2012 06:00:59 PM Eduardo Otubo wrote: Seccomp syscall whitelist updated after tests running qemu under libvirt ... Hi Eduardo, I know from our discussions offlist that you have an additional debugging

Re: [Qemu-devel] [PATCH] New syscalls to the seccomp whitelist

2012-09-24 Thread Eduardo Otubo
Anyone interested in taking a look at this piece of code? Thanks! On Fri, Sep 21, 2012 at 09:40:33AM -0300, Eduardo Otubo wrote: Seccomp syscall whitelist updated after tests running qemu under libvirt. Reference to the bug - https://bugzilla.redhat.com/show_bug.cgi?id=855162 Signed-off

[Qemu-devel] [PATCH] New syscalls to the seccomp whitelist

2012-09-21 Thread Eduardo Otubo
Seccomp syscall whitelist updated after tests running qemu under libvirt. Reference to the bug - https://bugzilla.redhat.com/show_bug.cgi?id=855162 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 21 - 1 file changed, 20 insertions(+), 1 deletion

[Qemu-devel] [PATCH] New syscalls to the seccomp whitelist

2012-09-20 Thread Eduardo Otubo
Seccomp syscall whitelist updated after tests running qemu under libvirt. Reference to the bug - https://bugzilla.redhat.com/show_bug.cgi?id=855162 Regards, --- qemu-seccomp.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/qemu-seccomp.c

Re: [Qemu-devel] [PATCH 0/4] Add -sandbox option to enable seccomp mode 2

2012-08-16 Thread Eduardo Otubo
On Wed, Aug 15, 2012 at 05:44:38PM -0500, Anthony Liguori wrote: Hi, I attempted to apply Eduardo's seccomp patches and ran into a number of problems. In the interest of time, I thought it would be easier for me to fix them and just respin the series myself. I've tested this as best I

Re: [Qemu-devel] Hard freeze for 1.2 today

2012-08-15 Thread Eduardo Otubo
On Wed, Aug 15, 2012 at 09:22:20AM -0500, anth...@codemonkey.ws wrote: Hi, Today is the hard freeze for 1.2. If you have any pull requests and/or patches targeted for the hard freeze, please send them by 3pm US/Central time today and clearly mark them for-1.2. If there are existing

[Qemu-devel] [PATCH v7 0/4] Sandboxing Qemu guests with Libseccomp

2012-08-14 Thread Eduardo Otubo
?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss Eduardo Otubo (4): Adding support for libseccomp in configure and Makefile Adding qemu-seccomp.[ch] Adding seccomp calls to vl.c Command line support for seccomp with -sandbox Makefile.objs |6 ++ configure | 22

[Qemu-devel] [PATCH v7 1/4] Adding support for libseccomp in configure and Makefile

2012-08-14 Thread Eduardo Otubo
-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- Makefile.objs |6 ++ configure | 22 ++ 2 files changed, 28 insertions(+), 0 deletions(-) diff --git a/Makefile.objs b/Makefile.objs index 5ebbcfa..13db9f3 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -96,6 +96,12

[Qemu-devel] [PATCH v7 3/4] Adding seccomp calls to vl.c

2012-08-14 Thread Eduardo Otubo
v1: * Full seccomp calls and data included in vl.c v2: * Full seccomp calls and data removed from vl.c and put into separate qemu-seccomp.[ch] file. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- vl.c | 13 + 1 files changed, 13 insertions(+), 0 deletions(-) diff

[Qemu-devel] [PATCH v7 4/4] Command line support for seccomp with -sandbox

2012-08-14 Thread Eduardo Otubo
v7: * New in v7 * The seccomp filter can be switched on and off using the command line option -sandbox, the default value is off. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-config.c | 13 + qemu-config.h |1 + qemu-options.hx | 10 ++ vl.c

[Qemu-devel] [PATCH v7 2/4] Adding qemu-seccomp.[ch]

2012-08-14 Thread Eduardo Otubo
of the API have changed in this last release, had to adapt to the new function signatures. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 141 qemu-seccomp.h | 22 + 2 files changed, 163 insertions(+), 0

[Qemu-devel] [PATCH v6 1/3] Adding support for libseccomp in configure and Makefile

2012-08-13 Thread Eduardo Otubo
-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- Makefile.objs |6 ++ configure | 22 ++ 2 files changed, 28 insertions(+), 0 deletions(-) diff --git a/Makefile.objs b/Makefile.objs index 5ebbcfa..13db9f3 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -96,6 +96,12

[Qemu-devel] [PATCH v6 3/3] Adding seccomp calls to vl.c

2012-08-13 Thread Eduardo Otubo
v1: * Full seccomp calls and data included in vl.c v2: * Full seccomp calls and data removed from vl.c and put into separate qemu-seccomp.[ch] file. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- vl.c | 13 + 1 files changed, 13 insertions(+), 0 deletions(-) diff

[Qemu-devel] [PATCH v6 2/3] Adding qemu-seccomp.[ch]

2012-08-13 Thread Eduardo Otubo
of the API have changed in this last release, had to adapt to the new function signatures. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 139 qemu-seccomp.h | 22 + 2 files changed, 161 insertions(+), 0

[Qemu-devel] [PATCH v6 0/3] Sandboxing Qemu guests with Libseccomp

2012-08-13 Thread Eduardo Otubo
/ [1] - http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727 [2] - https://lkml.org/lkml/2012/4/12/457 [3] - http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss Eduardo Otubo (3

Re: [Qemu-devel] [PATCHv5 3/4] Adding qemu-seccomp-debug.[ch]

2012-08-08 Thread Eduardo Otubo
On Mon, Aug 06, 2012 at 10:19:40AM -0300, Eduardo Otubo wrote: On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote: Eduardo Otubo ot...@linux.vnet.ibm.com writes: The new 'trap' (debug) mode will capture the illegal system call before it is executed. The feature

Re: [Qemu-devel] [PATCHv5 3/4] Adding qemu-seccomp-debug.[ch]

2012-08-06 Thread Eduardo Otubo
On Fri, Aug 03, 2012 at 03:54:40PM -0500, Anthony Liguori wrote: Eduardo Otubo ot...@linux.vnet.ibm.com writes: The new 'trap' (debug) mode will capture the illegal system call before it is executed. The feature and the implementation is based on Will Drewry's patch - https://lkml.org

[Qemu-devel] [PATCHv5 4/4] Adding seccomp calls to vl.c

2012-08-01 Thread Eduardo Otubo
used in configure script. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- vl.c | 31 +++ 1 files changed, 31 insertions(+), 0 deletions(-) diff --git a/vl.c b/vl.c index 9fea320..808f020 100644 --- a/vl.c +++ b/vl.c @@ -62,6 +62,14 @@ #include linux/ppdev.h

[Qemu-devel] [PATCHv5 2/4] Adding qemu-seccomp.[ch]

2012-08-01 Thread Eduardo Otubo
of the API have changed in this last release, had to adapt to the new function signatures. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 139 qemu-seccomp.h | 22 + 2 files changed, 161 insertions(+), 0

[Qemu-devel] [PATCHv5 3/4] Adding qemu-seccomp-debug.[ch]

2012-08-01 Thread Eduardo Otubo
sometimes is unpredictable (as stated in man 7 signals). That's why I deliberately used write() and _exit() functions, and had the string-to-int helper functions as well. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp-debug.c | 95

[Qemu-devel] [PATCHv5 0/4] Sandboxing Qemu guests with Libseccomp

2012-08-01 Thread Eduardo Otubo
=e2cfabdfd075648216f99c2c03821cf3f47c1727 [2] - https://lkml.org/lkml/2012/4/12/457 [3] - http://sourceforge.net/mailarchive/forum.php?thread_name=1633205.5jr3eG7nQ5%40siflforum_name=libseccomp-discuss Eduardo Otubo (4): Adding support for libseccomp in configure and Makefile Adding qemu-seccomp.[ch

[Qemu-devel] [PATCHv5 1/4] Adding support for libseccomp in configure and Makefile

2012-08-01 Thread Eduardo Otubo
options added: --enable-seccomp-debug --disable-seccomp-debug Enabling debug will cause libseccomp to be configured with SCMP_ACT_TRAP. This will help users/developers to catch system calls that were not previously whitelisted. Signed-off-by: Eduardo Otubo ot

Re: [Qemu-devel] [PATCHv4 0/4] Sandboxing Qemu guests with Libseccomp

2012-07-23 Thread Eduardo Otubo
On Tue, Jul 17, 2012 at 04:19:11PM -0300, Eduardo Otubo wrote: Hello all, This patch is an effort to sandbox Qemu guests using Libseccomp[0]. The patches that follows are pretty simple and straightforward. I added the correct options and checks to the configure script and the basic calls

[Qemu-devel] [PATCHv4 0/4] Sandboxing Qemu guests with Libseccomp

2012-07-17 Thread Eduardo Otubo
/projects/libseccomp/ [1] - http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727 [2] - https://lkml.org/lkml/2012/4/12/457 Eduardo Otubo (4): Adding support for libseccomp in configure and Makefile Adding qemu-seccomp.[ch] Adding

[Qemu-devel] [PATCHv4 2/4] Adding qemu-seccomp.[ch]

2012-07-17 Thread Eduardo Otubo
open() and execve() to the whitelist v4: * Tests revealed a bigger set of syscalls. * seccomp_start() now has an argument to set the mode according to the configure option trap or kill. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 126

[Qemu-devel] [PATCHv4 4/4] Adding seccomp calls to vl.c

2012-07-17 Thread Eduardo Otubo
used in configure script. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- vl.c | 31 +++ 1 file changed, 31 insertions(+) diff --git a/vl.c b/vl.c index 46248b9..8dc9432 100644 --- a/vl.c +++ b/vl.c @@ -62,6 +62,14 @@ #include linux/ppdev.h #include linux

[Qemu-devel] [PATCHv4 3/4] Adding qemu-seccomp-debug.[ch]

2012-07-17 Thread Eduardo Otubo
sometimes is unpredictable (as stated in man 7 signals). That's why I deliberately used write() and _exit() functions, and had the string-to-int helper functions as well. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp-debug.c | 95

[Qemu-devel] [PATCHv4 1/4] Adding support for libseccomp in configure and Makefile

2012-07-17 Thread Eduardo Otubo
options added: --enable-seccomp-debug --disable-seccomp-debug Enabling debug will cause libseccomp to be configured with SCMP_ACT_TRAP. This will help users/developers to catch system calls that were not previously whitelisted. Signed-off-by: Eduardo Otubo ot

Re: [Qemu-devel] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp

2012-06-22 Thread Eduardo Otubo
My apologies, I forgot to add the v3 into the PATCH tag. On Thu, Jun 21, 2012 at 07:10:36PM -0300, Eduardo Otubo wrote: Hello all, This is the third effort to sandbox Qemu guests using Libseccomp[0]. The patches that follows are pretty simple and straightforward. I added the correct

[Qemu-devel] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp

2012-06-21 Thread Eduardo Otubo
=e2cfabdfd075648216f99c2c03821cf3f47c1727 Eduardo Otubo (2): Adding support for libseccomp in configure and Makefile Creating qemu-seccomp.[ch] and adding call to vl.c Makefile.objs |4 +++ configure | 23 +++ qemu-seccomp.c | 88

[Qemu-devel] [PATCH 2/2] Creating qemu-seccomp.[ch] and adding call to vl.c

2012-06-21 Thread Eduardo Otubo
() to the whitelist The whitelist is getting bigger and complete, maybe it's time to drop the RFC tag. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 88 qemu-seccomp.h | 23 +++ vl.c | 11

[Qemu-devel] [PATCH 1/2] Adding support for libseccomp in configure and Makefile

2012-06-21 Thread Eduardo Otubo
-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- Makefile.objs |4 configure | 23 +++ 2 files changed, 27 insertions(+) diff --git a/Makefile.objs b/Makefile.objs index 74110dd..c0620bf 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -95,6 +95,10 @@ common-obj-y += qemu

Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c

2012-06-18 Thread Eduardo Otubo
=e2cfabdfd075648216f99c2c03821cf3f47c1727 -- Eduardo Otubo Software Engineer Linux Technology Center IBM Systems Technology Group Mobile: +55 19 8135 0885 eot...@linux.vnet.ibm.com

[Qemu-devel] [RFC] [PATCHv2 0/2] Sandboxing Qemu guests with Libseccomp

2012-06-13 Thread Eduardo Otubo
;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727 Eduardo Otubo (2): Adding support for libseccomp in configure Adding basic calls to libseccomp in vl.c configure | 25 +++ qemu-seccomp.c | 73 qemu-seccomp.h

[Qemu-devel] [RFC] [PATCHv2 1/2] Adding support for libseccomp in configure

2012-06-13 Thread Eduardo Otubo
making the configure script to add the specific line to Makefile.obj in order to compile with appropriate support to seccomp. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- configure | 25 + 1 file changed, 25 insertions(+) diff --git a/configure b/configure

[Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c

2012-06-13 Thread Eduardo Otubo
issues Removed code from vl.c and created qemu-seccomp.[ch] Now using ARRAY_SIZE macro Added more syscalls without priority/frequency set yet Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c | 73

Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c

2012-05-07 Thread Eduardo Otubo
On Fri, May 04, 2012 at 11:59:00PM +0200, Andreas Färber wrote: Am 04.05.2012 21:08, schrieb Eduardo Otubo: I added a syscall struct using priority levels as described in the libseccomp man page. The priority numbers are based to the frequency they appear in a sample strace from

Re: [Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c

2012-05-07 Thread Eduardo Otubo
of vl.c, so that all hairiness can be added as appropriate. I thought it would be overkill to create a new seccomp.[c|h] just for this purpose. But yes, we can start thinking about that since the features might grow in the future. Thanks for the comments, Regards -- Eduardo Otubo Software Engineer

[Qemu-devel] [RFC] [PATCH 0/2] Sandboxing Qemu guests with Libseccomp

2012-05-04 Thread Eduardo Otubo
/libseccomp/ [1] - http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commit;h=e2cfabdfd075648216f99c2c03821cf3f47c1727 Eduardo Otubo (2): Adding support for libseccomp in configure Adding basic calls to libseccomp in vl.c configure | 23 ++ vl.c | 81

[Qemu-devel] [RFC] [PATCH 1/2] Adding support for libseccomp in configure

2012-05-04 Thread Eduardo Otubo
Adding basic options to the configure script to use libseccomp or not. The default is set to 'no'. If the flag --enable-libseccomp is used, the script will check for its existence using pkg-config. Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- configure | 23

[Qemu-devel] [RFC] [PATCH 2/2] Adding basic calls to libseccomp in vl.c

2012-05-04 Thread Eduardo Otubo
after another. The priority system places the most common rules first in order to reduce the overhead when processing them. Also, since this is just a first RFC, the whitelist is a little raw. We might need your help to improve, test and fine tune the set of system calls. Signed-off-by: Eduardo
