[libvirt] [PATCH 5/5] qemu: launch bridge helper from libvirtd

Corey Bryant coreyb at linux.vnet.ibm.com
Fri Apr 19 13:47:05 UTC 2013


[snip]
>
> I still don't like using qemu-bridge-helper, but this is better than the
> alternative of having qemu call it (although, due to the way that
> process capabilities works, we are unable to prevent a rogue qemu
> started by unprivileged libvirtd from calling it :-(

Maybe we can introduce a tighter seccomp sandbox environment that 
doesn't allow the QEMU process to call exec(), open(), socket() (and 
anything else?) on top of the syscalls that are already not included in 
the -sandbox whitelist.  This would require fds to be passed from 
libvirt.  Eduardo's going to work on adding functionality in this area 
in case you have any suggestions.

-- 
Regards,
Corey Bryant

>
> ACK to this patch (I think I would prefer you left the qemuCaps arg in,
> but others may disagree with me.)
>
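
The tighter sandbox suggested in the reply above, sketched as an added example that is not part of the original message and is not libvirt or QEMU code. Assumptions: the function names are hypothetical, a forked child stands in for QEMU and inherits its fd from the parent instead of receiving it from libvirt, and the filter is a plain seccomp-BPF denylist that fails the three calls with EPERM.

```c
/* Added example, not libvirt/QEMU code. Linux only; names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* If the loaded syscall number equals nr, fail the call with EPERM. */
#define DENY(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                 BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Simplified: a production filter must also check seccomp_data.arch. */
static int deny_exec_open_socket(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef SYS_open
        DENY(SYS_open),
#endif
        DENY(SYS_openat), DENY(SYS_execve), DENY(SYS_socket),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { (unsigned short)(sizeof prog / sizeof prog[0]), prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* The child inherits a pipe fd opened by the parent, sandboxes itself, then probes.
 * Bits: 1 open denied, 2 socket denied, 4 exec denied, 8 inherited fd usable. */
int sandbox_probe(void) {
    int p[2], status = 0, r = 0; pid_t pid;
    if (pipe(p) || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        if (deny_exec_open_socket()) _exit(64);   /* filter could not be installed */
        if (open("/dev/null", O_RDONLY) < 0 && errno == EPERM) r |= 1;
        if (socket(AF_UNIX, SOCK_STREAM, 0) < 0 && errno == EPERM) r |= 2;
        if (execl("/bin/true", "true", (char *)NULL) < 0 && errno == EPERM) r |= 4;
        if (write(p[1], "x", 1) == 1) r |= 8;     /* fd opened before the filter */
        _exit(r);
    }
    close(p[0]); close(p[1]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return sandbox_probe() == 15 ? 0 : 1; }
```

A result of 15 means all three calls were refused while the descriptor opened before the filter stayed usable, which is why such a sandbox depends on fds being handed in from outside.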