Re: [PATCH] qemu: clear seccomp capability if TSYNC is not supported by host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 30, 2018 at 02:09:41PM +0200, marcandre.lureau@xxxxxxxxxx wrote:
From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

With qemu <= 3.0, when using "-seccomp on", the seccomp policy is only
applied to the main thread, the vcpu worker thread and other worker
threads created after seccomp policy is applied; the seccomp policy is
not applied to e.g. the RCU thread because it is created before the
seccomp policy is applied.

Since qemu commit 70dfabeaa79ba4d7a3b699abe1a047c8012db114 "seccomp:
set the seccomp filter to all threads", qemu will require seccomp
TSYNC flag, and will fail to start if the flag isn't available.

Without it, sandboxing is flawed. Disable seccomp capability if the
host is not capable of using seccomp TSYNC.


Is there a reason for qemu to advertise 'sandbox' in
query-commandline-options if it's not usable?

Copying the QEMU logic in libvirt does not seem sustainable.

Jano

Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
configure.ac                 |  2 +-
src/qemu/qemu_capabilities.c | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 1 deletion(-)

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux