> On Jul 24, 2023, at 7:17 AM, Michael Catanzaro <mcatanzaro@xxxxxxxxxx> wrote:
>
> On Sun, Jul 23 2023 at 11:18:45 PM -0400, Demi Marie Obenour
> <demiobenour@xxxxxxxxx> wrote:
>> Then the mount needs to be done in a sandbox, such as a KVM guest or
>> sandboxed userspace process.
>
> Hmmm... I don't think traditional sandboxing accomplishes anything
> here, because we're trying to protect against kernel bugs, not
> userspace bugs, and if the kernel is compromised then you escape the
> sandbox. A KVM virtual machine would solve that, certainly, but that
> sounds really complicated to do? We don't have any precedent for
> spinning up virtual machines to perform normal desktop operations.
> Doesn't that require hardware support anyway? i.e. virtualization might
> be disabled at the firmware level?

Many (most?) cloud environments don't expose a nested virt capability.

That being said, even qemu tcg could be a better option for confinement and deliver perfectly acceptable performance for a bunch of the use cases. It's convenient for me, the user, to be able to use normal Linux utilities to read and write files on media for increasingly "oh goodness, this makes me feel old, I swear that was current just last week" old machines. I don't exactly need multiple hundreds of megabytes per second of IO to that media; I much prefer that a random disk image of a 1990s-era Mac System Software Beta has as many obstacles as possible to being able to inject code into the kernel that I also use to log into my bank.
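The fallback the reply describes, use KVM when the host actually exposes it and otherwise QEMU's TCG software emulation, with the untrusted image confined to the guest rather than mounted by the host kernel, as an added shell example. This is not code from the thread or from Fedora. It assumes a minimal guest kernel and initramfs (the GUEST_KERNEL / GUEST_INITRD paths are hypothetical placeholders) that mount /dev/vda read-only and drop to a shell on the serial console, and an ACCEL environment variable of my own invention to force an accelerator.

```shell
#!/bin/sh
# Added example (not from the thread): choose a QEMU accelerator and build a
# confined guest command line for poking at an untrusted disk image.
# Assumptions (hypothetical): GUEST_KERNEL / GUEST_INITRD point at a minimal
# Linux kernel and initramfs that mount /dev/vda read-only and give a shell on
# the serial console; ACCEL=kvm|tcg forces an accelerator, unset means auto.

# Print "kvm" if hardware virtualization is usable by this user, else "tcg".
# /dev/kvm is missing when virt is disabled in firmware or on a cloud VM
# without nested virt; it can also exist but be unwritable (no kvm group).
pick_accel() {
    case "${ACCEL:-auto}" in
        kvm|tcg) printf '%s\n' "$ACCEL"; return 0 ;;
    esac
    if [ -w /dev/kvm ] && grep -Eq '(vmx|svm)' /proc/cpuinfo 2>/dev/null; then
        printf 'kvm\n'
    else
        printf 'tcg\n'
    fi
}

# Print the qemu command line for IMAGE (one line, for review before running).
# The image is attached readonly=on, so a guest kernel that the filesystem
# manages to exploit still cannot modify the file; -nic none removes the
# network; nothing from the host is shared, so the only channel back to the
# host is the serial console. Under TCG this is slow but the host kernel
# never parses the filesystem, which is the property the thread cares about.
build_qemu_cmd() {
    image=$1
    if [ ! -r "$image" ]; then
        printf 'cannot read image: %s\n' "$image" >&2
        return 1
    fi
    accel=$(pick_accel)
    printf '%s' "qemu-system-x86_64 -accel $accel -cpu max -m 512 -nographic"
    printf ' %s' "-nic none"
    printf ' %s' "-drive file=$image,format=raw,if=virtio,readonly=on"
    printf ' %s' "-kernel ${GUEST_KERNEL:-/path/to/bzImage}"
    printf ' %s' "-initrd ${GUEST_INITRD:-/path/to/initramfs.img}"
    printf ' %s\n' "-append 'console=ttyS0 ro'"
}

# Usage: RUN_SANDBOX_MOUNT=1 sh sandbox-mount.sh old-mac.img
# Prints the command; run it with sh -c once you have checked it. Paths with
# spaces or shell metacharacters are not quoted here on purpose: review first.
if [ "${RUN_SANDBOX_MOUNT:-0}" = 1 ] && [ -n "${1:-}" ]; then
    build_qemu_cmd "$1"
fi
```

On a laptop with VT-x/AMD-V enabled and a writable /dev/kvm this picks kvm; inside a cloud instance without nested virt, or with virtualization disabled in firmware, it silently falls back to tcg, which is the point the reply makes: confinement still works, only throughput drops, and for a floppy or CD image from a 1990s machine that hardly matters.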
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue