[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: clear seccomp capability if TSYNC is not supported by host



On Thu, Aug 30, 2018 at 02:09:41PM +0200, marcandre lureau redhat com wrote:
From: Marc-André Lureau <marcandre lureau redhat com>

With qemu <= 3.0, when using "-seccomp on", the seccomp policy is only
applied to the main thread, the vcpu worker thread and other worker
threads created after seccomp policy is applied; the seccomp policy is
not applied to e.g. the RCU thread because it is created before the
seccomp policy is applied.

Since qemu commit 70dfabeaa79ba4d7a3b699abe1a047c8012db114 "seccomp:
set the seccomp filter to all threads", qemu will require seccomp
TSYNC flag, and will fail to start if the flag isn't available.

Without it, sandboxing is flawed. Disable seccomp capability if the
host is not capable of using seccomp TSYNC.


Is there a reason for qemu to advertise 'sandbox' in
query-commandline-options if it's not usable?

Copying the QEMU logic in libvirt does not seem sustainable.

Jano

Signed-off-by: Marc-André Lureau <marcandre lureau redhat com>
---
configure.ac                 |  2 +-
src/qemu/qemu_capabilities.c | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 1 deletion(-)

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]