[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 5/5] qemu: launch bridge helper from libvirtd




[snip]

I still don't like using qemu-bridge-helper, but this is better than the
alternative of having qemu call it (although, due to the way that
process capabilities works, we are unable to prevent a rogue qemu
started by unprivileged libvirtd from calling it :-(

Maybe we can introduce a tighter seccomp sandbox environment that doesn't allow the QEMU process to call exec(), open(), socket() (and anything else?) on top of the syscalls that are already not included in the -sandbox whitelist. This would require fd's to be passed from libvirt. Eduardo's going to work on adding functionality in this area in case you have any suggestions.

--
Regards,
Corey Bryant


ACK to this patch (I think I would prefer you left the qemuCaps arg in,
but others may disagree with me.)

--
libvir-list mailing list
libvir-list redhat com
https://www.redhat.com/mailman/listinfo/libvir-list





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]