* [Qemu-devel] seccomp: remove unused syscalls - for 1.6
@ 2013-07-15 17:29 Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist Eduardo Otubo
` (2 more replies)
0 siblings, 3 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-15 17:29 UTC (permalink / raw)
To: qemu-devel; +Cc: pmoore, coreyb
Hello all,
In this small patch series I basically:
1) Remove the ifdef's for the (not so) new libseccomp version that does a
best effort and translates x86_32 syscalls into x86_64 when possible.
2) Remove unused syscalls on the seccomp whitelist. For that removal, I've been
running several instances of Qemu using a script written on top of
virt-test[0]. After some weeks testing I could come up with this small list,
and safely remove them without breaking anything.
[0] - https://github.com/autotest/virt-test/wiki
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist
2013-07-15 17:29 [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
@ 2013-07-15 17:29 ` Eduardo Otubo
2013-07-15 18:55 ` Paul Moore
2013-07-15 17:29 ` [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2 siblings, 1 reply; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-15 17:29 UTC (permalink / raw)
To: qemu-devel; +Cc: pmoore, coreyb, Eduardo Otubo
Since libseccomp 2.0 there's no need to check the architecture type
anymore.
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
---
qemu-seccomp.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index ca123bf..1d5fd71 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -26,12 +26,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(timer_gettime), 254 },
{ SCMP_SYS(futex), 253 },
{ SCMP_SYS(select), 252 },
-#if defined(__x86_64__)
{ SCMP_SYS(recvfrom), 251 },
{ SCMP_SYS(sendto), 250 },
-#elif defined(__i386__)
{ SCMP_SYS(socketcall), 250 },
-#endif
{ SCMP_SYS(read), 249 },
{ SCMP_SYS(brk), 248 },
{ SCMP_SYS(clone), 247 },
@@ -40,7 +37,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(execve), 245 },
{ SCMP_SYS(open), 245 },
{ SCMP_SYS(ioctl), 245 },
-#if defined(__x86_64__)
{ SCMP_SYS(socket), 245 },
{ SCMP_SYS(setsockopt), 245 },
{ SCMP_SYS(recvmsg), 245 },
@@ -51,9 +47,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(bind), 245 },
{ SCMP_SYS(listen), 245 },
{ SCMP_SYS(semget), 245 },
-#elif defined(__i386__)
{ SCMP_SYS(ipc), 245 },
-#endif
{ SCMP_SYS(gettimeofday), 245 },
{ SCMP_SYS(readlink), 245 },
{ SCMP_SYS(access), 245 },
@@ -64,7 +58,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(statfs), 245 },
{ SCMP_SYS(unlink), 245 },
{ SCMP_SYS(wait4), 245 },
-#if defined(__i386__)
{ SCMP_SYS(fcntl64), 245 },
{ SCMP_SYS(fstat64), 245 },
{ SCMP_SYS(stat64), 245 },
@@ -77,7 +70,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(_llseek), 245 },
{ SCMP_SYS(mmap2), 245 },
{ SCMP_SYS(sigprocmask), 245 },
-#endif
{ SCMP_SYS(sched_getparam), 245 },
{ SCMP_SYS(sched_getscheduler), 245 },
{ SCMP_SYS(fstat), 245 },
@@ -145,9 +137,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(epoll_create), 242 },
{ SCMP_SYS(epoll_ctl), 242 },
{ SCMP_SYS(epoll_wait), 242 },
-#if defined(__i386__)
{ SCMP_SYS(waitpid), 242 },
-#elif defined(__x86_64__)
{ SCMP_SYS(getsockname), 242 },
{ SCMP_SYS(getpeername), 242 },
{ SCMP_SYS(accept4), 242 },
@@ -159,7 +149,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(semtimedop), 241 },
{ SCMP_SYS(epoll_ctl_old), 241 },
{ SCMP_SYS(epoll_wait_old), 241 },
-#endif
{ SCMP_SYS(epoll_pwait), 241 },
{ SCMP_SYS(epoll_create1), 241 },
{ SCMP_SYS(ppoll), 241 },
@@ -174,7 +163,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(getresuid), 241 },
{ SCMP_SYS(getresgid), 241 },
{ SCMP_SYS(getgroups), 241 },
-#if defined(__i386__)
{ SCMP_SYS(getresuid32), 241 },
{ SCMP_SYS(getresgid32), 241 },
{ SCMP_SYS(getgroups32), 241 },
@@ -193,7 +181,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(lstat64), 241 },
{ SCMP_SYS(sendfile64), 241 },
{ SCMP_SYS(ugetrlimit), 241 },
-#endif
{ SCMP_SYS(alarm), 241 },
{ SCMP_SYS(rt_sigsuspend), 241 },
{ SCMP_SYS(rt_sigqueueinfo), 241 },
--
1.8.3.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-15 17:29 [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist Eduardo Otubo
@ 2013-07-15 17:29 ` Eduardo Otubo
2013-07-15 17:35 ` Eduardo Otubo
2013-07-15 20:57 ` Paolo Bonzini
2013-07-15 17:29 ` [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2 siblings, 2 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-15 17:29 UTC (permalink / raw)
To: qemu-devel; +Cc: pmoore, coreyb, Eduardo Otubo
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
---
qemu-seccomp.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d5fd71..bfd372a 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(lseek), 245 },
{ SCMP_SYS(pselect6), 245 },
{ SCMP_SYS(fork), 245 },
- { SCMP_SYS(eventfd), 245 },
{ SCMP_SYS(rt_sigprocmask), 245 },
{ SCMP_SYS(write), 244 },
{ SCMP_SYS(fcntl), 243 },
@@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(writev), 242 },
{ SCMP_SYS(preadv), 242 },
{ SCMP_SYS(pwritev), 242 },
- { SCMP_SYS(setrlimit), 242 },
{ SCMP_SYS(ftruncate), 242 },
{ SCMP_SYS(lstat), 242 },
{ SCMP_SYS(pipe), 242 },
@@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(newfstatat), 241 },
{ SCMP_SYS(shutdown), 241 },
{ SCMP_SYS(getsockopt), 241 },
- { SCMP_SYS(semctl), 241 },
{ SCMP_SYS(semop), 241 },
{ SCMP_SYS(semtimedop), 241 },
{ SCMP_SYS(epoll_ctl_old), 241 },
@@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(fstatat64), 241 },
{ SCMP_SYS(lstat64), 241 },
{ SCMP_SYS(sendfile64), 241 },
- { SCMP_SYS(ugetrlimit), 241 },
{ SCMP_SYS(alarm), 241 },
{ SCMP_SYS(rt_sigsuspend), 241 },
{ SCMP_SYS(rt_sigqueueinfo), 241 },
@@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(lchown), 241 },
{ SCMP_SYS(fchownat), 241 },
{ SCMP_SYS(fstatfs), 241 },
- { SCMP_SYS(sendfile), 241 },
{ SCMP_SYS(getitimer), 241 },
{ SCMP_SYS(syncfs), 241 },
{ SCMP_SYS(fsync), 241 },
{ SCMP_SYS(fchdir), 241 },
- { SCMP_SYS(flock), 241 },
{ SCMP_SYS(msync), 241 },
{ SCMP_SYS(sched_setparam), 241 },
{ SCMP_SYS(sched_setscheduler), 241 },
--
1.8.3.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-15 17:29 [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist Eduardo Otubo
@ 2013-07-15 17:29 ` Eduardo Otubo
2 siblings, 0 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-15 17:29 UTC (permalink / raw)
To: qemu-devel; +Cc: pmoore, coreyb, Eduardo Otubo
Hello all,
In this small patch series I basically:
1) Remove the ifdef's for the (not so) new libseccomp version that does a
best effort and translates x86_32 syscalls into x86_64 when possible.
2) Remove unused syscalls on the seccomp whitelist. For that removal, I've been
running several instances of Qemu using a script written on top of
virt-test[0]. After some weeks testing I could come up with this small list,
and safely remove them without breaking anything.
[0] - https://github.com/autotest/virt-test/wiki
GIT: [PATCH 1/2] seccomp: no need to check arch in syscall whitelist
GIT: [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-15 17:29 ` [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist Eduardo Otubo
@ 2013-07-15 17:35 ` Eduardo Otubo
2013-07-15 20:57 ` Paolo Bonzini
1 sibling, 0 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-15 17:35 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: pmoore, coreyb, qemu-devel
Sorry for the problem on my keyboard:
on the subject, please do s/gtom/from
On 07/15/2013 02:29 PM, Eduardo Otubo wrote:
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> ---
> qemu-seccomp.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 1d5fd71..bfd372a 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(lseek), 245 },
> { SCMP_SYS(pselect6), 245 },
> { SCMP_SYS(fork), 245 },
> - { SCMP_SYS(eventfd), 245 },
> { SCMP_SYS(rt_sigprocmask), 245 },
> { SCMP_SYS(write), 244 },
> { SCMP_SYS(fcntl), 243 },
> @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(writev), 242 },
> { SCMP_SYS(preadv), 242 },
> { SCMP_SYS(pwritev), 242 },
> - { SCMP_SYS(setrlimit), 242 },
> { SCMP_SYS(ftruncate), 242 },
> { SCMP_SYS(lstat), 242 },
> { SCMP_SYS(pipe), 242 },
> @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(newfstatat), 241 },
> { SCMP_SYS(shutdown), 241 },
> { SCMP_SYS(getsockopt), 241 },
> - { SCMP_SYS(semctl), 241 },
> { SCMP_SYS(semop), 241 },
> { SCMP_SYS(semtimedop), 241 },
> { SCMP_SYS(epoll_ctl_old), 241 },
> @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(fstatat64), 241 },
> { SCMP_SYS(lstat64), 241 },
> { SCMP_SYS(sendfile64), 241 },
> - { SCMP_SYS(ugetrlimit), 241 },
> { SCMP_SYS(alarm), 241 },
> { SCMP_SYS(rt_sigsuspend), 241 },
> { SCMP_SYS(rt_sigqueueinfo), 241 },
> @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(lchown), 241 },
> { SCMP_SYS(fchownat), 241 },
> { SCMP_SYS(fstatfs), 241 },
> - { SCMP_SYS(sendfile), 241 },
> { SCMP_SYS(getitimer), 241 },
> { SCMP_SYS(syncfs), 241 },
> { SCMP_SYS(fsync), 241 },
> { SCMP_SYS(fchdir), 241 },
> - { SCMP_SYS(flock), 241 },
> { SCMP_SYS(msync), 241 },
> { SCMP_SYS(sched_setparam), 241 },
> { SCMP_SYS(sched_setscheduler), 241 },
>
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist
2013-07-15 17:29 ` [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist Eduardo Otubo
@ 2013-07-15 18:55 ` Paul Moore
2013-07-16 17:46 ` Eduardo Otubo
0 siblings, 1 reply; 22+ messages in thread
From: Paul Moore @ 2013-07-15 18:55 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: coreyb, qemu-devel
On Monday, July 15, 2013 02:29:37 PM Eduardo Otubo wrote:
> Since libseccomp 2.0 there's no need to check the architecture type
> anymore.
>
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> ---
> qemu-seccomp.c | 13 -------------
> 1 file changed, 13 deletions(-)
Good, this should make long term maintenance easier. However, you should
probably update the configure script to require libseccomp-2.0.0 or greater.
Actually, since this is 1.6 material, I would make it dependent on
libseccomp-2.1.0 as there are a number of improvements in that release and it
has been out for a while now.
If you're feeling particularly adventurous, you could even enable the QEMU
seccomp code for x32/ARM hosts with libseccomp-2.1.0 hosts :)
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index ca123bf..1d5fd71 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -26,12 +26,9 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(timer_gettime), 254 },
> { SCMP_SYS(futex), 253 },
> { SCMP_SYS(select), 252 },
> -#if defined(__x86_64__)
> { SCMP_SYS(recvfrom), 251 },
> { SCMP_SYS(sendto), 250 },
> -#elif defined(__i386__)
> { SCMP_SYS(socketcall), 250 },
> -#endif
> { SCMP_SYS(read), 249 },
> { SCMP_SYS(brk), 248 },
> { SCMP_SYS(clone), 247 },
> @@ -40,7 +37,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
> = { { SCMP_SYS(execve), 245 },
> { SCMP_SYS(open), 245 },
> { SCMP_SYS(ioctl), 245 },
> -#if defined(__x86_64__)
> { SCMP_SYS(socket), 245 },
> { SCMP_SYS(setsockopt), 245 },
> { SCMP_SYS(recvmsg), 245 },
> @@ -51,9 +47,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
> = { { SCMP_SYS(bind), 245 },
> { SCMP_SYS(listen), 245 },
> { SCMP_SYS(semget), 245 },
> -#elif defined(__i386__)
> { SCMP_SYS(ipc), 245 },
> -#endif
> { SCMP_SYS(gettimeofday), 245 },
> { SCMP_SYS(readlink), 245 },
> { SCMP_SYS(access), 245 },
> @@ -64,7 +58,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
> = { { SCMP_SYS(statfs), 245 },
> { SCMP_SYS(unlink), 245 },
> { SCMP_SYS(wait4), 245 },
> -#if defined(__i386__)
> { SCMP_SYS(fcntl64), 245 },
> { SCMP_SYS(fstat64), 245 },
> { SCMP_SYS(stat64), 245 },
> @@ -77,7 +70,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
> = { { SCMP_SYS(_llseek), 245 },
> { SCMP_SYS(mmap2), 245 },
> { SCMP_SYS(sigprocmask), 245 },
> -#endif
> { SCMP_SYS(sched_getparam), 245 },
> { SCMP_SYS(sched_getscheduler), 245 },
> { SCMP_SYS(fstat), 245 },
> @@ -145,9 +137,7 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(epoll_create), 242 },
> { SCMP_SYS(epoll_ctl), 242 },
> { SCMP_SYS(epoll_wait), 242 },
> -#if defined(__i386__)
> { SCMP_SYS(waitpid), 242 },
> -#elif defined(__x86_64__)
> { SCMP_SYS(getsockname), 242 },
> { SCMP_SYS(getpeername), 242 },
> { SCMP_SYS(accept4), 242 },
> @@ -159,7 +149,6 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(semtimedop), 241 },
> { SCMP_SYS(epoll_ctl_old), 241 },
> { SCMP_SYS(epoll_wait_old), 241 },
> -#endif
> { SCMP_SYS(epoll_pwait), 241 },
> { SCMP_SYS(epoll_create1), 241 },
> { SCMP_SYS(ppoll), 241 },
> @@ -174,7 +163,6 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(getresuid), 241 },
> { SCMP_SYS(getresgid), 241 },
> { SCMP_SYS(getgroups), 241 },
> -#if defined(__i386__)
> { SCMP_SYS(getresuid32), 241 },
> { SCMP_SYS(getresgid32), 241 },
> { SCMP_SYS(getgroups32), 241 },
> @@ -193,7 +181,6 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(lstat64), 241 },
> { SCMP_SYS(sendfile64), 241 },
> { SCMP_SYS(ugetrlimit), 241 },
> -#endif
> { SCMP_SYS(alarm), 241 },
> { SCMP_SYS(rt_sigsuspend), 241 },
> { SCMP_SYS(rt_sigqueueinfo), 241 },
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-15 17:29 ` [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist Eduardo Otubo
2013-07-15 17:35 ` Eduardo Otubo
@ 2013-07-15 20:57 ` Paolo Bonzini
2013-07-16 17:45 ` Eduardo Otubo
1 sibling, 1 reply; 22+ messages in thread
From: Paolo Bonzini @ 2013-07-15 20:57 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: pmoore, coreyb, qemu-devel
Il 15/07/2013 19:29, Eduardo Otubo ha scritto:
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> ---
> qemu-seccomp.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 1d5fd71..bfd372a 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(lseek), 245 },
> { SCMP_SYS(pselect6), 245 },
> { SCMP_SYS(fork), 245 },
> - { SCMP_SYS(eventfd), 245 },
ACK, the one we use is eventfd2
> { SCMP_SYS(rt_sigprocmask), 245 },
> { SCMP_SYS(write), 244 },
> { SCMP_SYS(fcntl), 243 },
> @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(writev), 242 },
> { SCMP_SYS(preadv), 242 },
> { SCMP_SYS(pwritev), 242 },
> - { SCMP_SYS(setrlimit), 242 },
Used by Xen.
> { SCMP_SYS(ftruncate), 242 },
> { SCMP_SYS(lstat), 242 },
> { SCMP_SYS(pipe), 242 },
> @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(newfstatat), 241 },
> { SCMP_SYS(shutdown), 241 },
> { SCMP_SYS(getsockopt), 241 },
> - { SCMP_SYS(semctl), 241 },
ACK.
> { SCMP_SYS(semop), 241 },
> { SCMP_SYS(semtimedop), 241 },
> { SCMP_SYS(epoll_ctl_old), 241 },
> @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(fstatat64), 241 },
> { SCMP_SYS(lstat64), 241 },
> { SCMP_SYS(sendfile64), 241 },
> - { SCMP_SYS(ugetrlimit), 241 },
Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
calls it?
> { SCMP_SYS(alarm), 241 },
> { SCMP_SYS(rt_sigsuspend), 241 },
> { SCMP_SYS(rt_sigqueueinfo), 241 },
> @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
> { SCMP_SYS(lchown), 241 },
> { SCMP_SYS(fchownat), 241 },
> { SCMP_SYS(fstatfs), 241 },
> - { SCMP_SYS(sendfile), 241 },
Should probably remove sendfile64 too?
> { SCMP_SYS(getitimer), 241 },
> { SCMP_SYS(syncfs), 241 },
> { SCMP_SYS(fsync), 241 },
> { SCMP_SYS(fchdir), 241 },
> - { SCMP_SYS(flock), 241 },
ACK.
Paolo
> { SCMP_SYS(msync), 241 },
> { SCMP_SYS(sched_setparam), 241 },
> { SCMP_SYS(sched_setscheduler), 241 },
>
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-15 20:57 ` Paolo Bonzini
@ 2013-07-16 17:45 ` Eduardo Otubo
2013-07-16 17:49 ` Paolo Bonzini
0 siblings, 1 reply; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-16 17:45 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: pmoore, coreyb, qemu-devel
On 07/15/2013 05:57 PM, Paolo Bonzini wrote:
> Il 15/07/2013 19:29, Eduardo Otubo ha scritto:
>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>> ---
>> qemu-seccomp.c | 6 ------
>> 1 file changed, 6 deletions(-)
>>
>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> index 1d5fd71..bfd372a 100644
>> --- a/qemu-seccomp.c
>> +++ b/qemu-seccomp.c
>> @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>> { SCMP_SYS(lseek), 245 },
>> { SCMP_SYS(pselect6), 245 },
>> { SCMP_SYS(fork), 245 },
>> - { SCMP_SYS(eventfd), 245 },
>
> ACK, the one we use is eventfd2
>
>> { SCMP_SYS(rt_sigprocmask), 245 },
>> { SCMP_SYS(write), 244 },
>> { SCMP_SYS(fcntl), 243 },
>> @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>> { SCMP_SYS(writev), 242 },
>> { SCMP_SYS(preadv), 242 },
>> { SCMP_SYS(pwritev), 242 },
>> - { SCMP_SYS(setrlimit), 242 },
>
> Used by Xen.
OK
>
>> { SCMP_SYS(ftruncate), 242 },
>> { SCMP_SYS(lstat), 242 },
>> { SCMP_SYS(pipe), 242 },
>> @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>> { SCMP_SYS(newfstatat), 241 },
>> { SCMP_SYS(shutdown), 241 },
>> { SCMP_SYS(getsockopt), 241 },
>> - { SCMP_SYS(semctl), 241 },
>
> ACK.
>
>> { SCMP_SYS(semop), 241 },
>> { SCMP_SYS(semtimedop), 241 },
>> { SCMP_SYS(epoll_ctl_old), 241 },
>> @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>> { SCMP_SYS(fstatat64), 241 },
>> { SCMP_SYS(lstat64), 241 },
>> { SCMP_SYS(sendfile64), 241 },
>> - { SCMP_SYS(ugetrlimit), 241 },
>
> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
> calls it?
It seems to be a glibc's wrapper, yes. Removing it anyway.
>
>> { SCMP_SYS(alarm), 241 },
>> { SCMP_SYS(rt_sigsuspend), 241 },
>> { SCMP_SYS(rt_sigqueueinfo), 241 },
>> @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>> { SCMP_SYS(lchown), 241 },
>> { SCMP_SYS(fchownat), 241 },
>> { SCMP_SYS(fstatfs), 241 },
>> - { SCMP_SYS(sendfile), 241 },
>
> Should probably remove sendfile64 too?
Removing sendfile64 as well on v2.
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist
2013-07-15 18:55 ` Paul Moore
@ 2013-07-16 17:46 ` Eduardo Otubo
0 siblings, 0 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-16 17:46 UTC (permalink / raw)
To: Paul Moore; +Cc: coreyb, qemu-devel
On 07/15/2013 03:55 PM, Paul Moore wrote:
> On Monday, July 15, 2013 02:29:37 PM Eduardo Otubo wrote:
>> Since libseccomp 2.0 there's no need to check the architecture type
>> anymore.
>>
>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>> ---
>> qemu-seccomp.c | 13 -------------
>> 1 file changed, 13 deletions(-)
>
> Good, this should make long term maintenance easier. However, you should
> probably update the configure script to require libseccomp-2.0.0 or greater.
> Actually, since this is 1.6 material, I would make it dependent on
> libseccomp-2.1.0 as there are a number of improvements in that release and it
> has been out for a while now.
Great tip, Paul. Doing this on v2.
>
> If you're feeling particularly adventurous, you could even enable the QEMU
> seccomp code for x32/ARM hosts with libseccomp-2.1.0 hosts :)
One step at a time :-) Perhaps for Qemu 1.7?
>
>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> index ca123bf..1d5fd71 100644
>> --- a/qemu-seccomp.c
>> +++ b/qemu-seccomp.c
>> @@ -26,12 +26,9 @@ static const struct QemuSeccompSyscall
>> seccomp_whitelist[] = { { SCMP_SYS(timer_gettime), 254 },
>> { SCMP_SYS(futex), 253 },
>> { SCMP_SYS(select), 252 },
>> -#if defined(__x86_64__)
>> { SCMP_SYS(recvfrom), 251 },
>> { SCMP_SYS(sendto), 250 },
>> -#elif defined(__i386__)
>> { SCMP_SYS(socketcall), 250 },
>> -#endif
>> { SCMP_SYS(read), 249 },
>> { SCMP_SYS(brk), 248 },
>> { SCMP_SYS(clone), 247 },
>> @@ -40,7 +37,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
>> = { { SCMP_SYS(execve), 245 },
>> { SCMP_SYS(open), 245 },
>> { SCMP_SYS(ioctl), 245 },
>> -#if defined(__x86_64__)
>> { SCMP_SYS(socket), 245 },
>> { SCMP_SYS(setsockopt), 245 },
>> { SCMP_SYS(recvmsg), 245 },
>> @@ -51,9 +47,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
>> = { { SCMP_SYS(bind), 245 },
>> { SCMP_SYS(listen), 245 },
>> { SCMP_SYS(semget), 245 },
>> -#elif defined(__i386__)
>> { SCMP_SYS(ipc), 245 },
>> -#endif
>> { SCMP_SYS(gettimeofday), 245 },
>> { SCMP_SYS(readlink), 245 },
>> { SCMP_SYS(access), 245 },
>> @@ -64,7 +58,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
>> = { { SCMP_SYS(statfs), 245 },
>> { SCMP_SYS(unlink), 245 },
>> { SCMP_SYS(wait4), 245 },
>> -#if defined(__i386__)
>> { SCMP_SYS(fcntl64), 245 },
>> { SCMP_SYS(fstat64), 245 },
>> { SCMP_SYS(stat64), 245 },
>> @@ -77,7 +70,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
>> = { { SCMP_SYS(_llseek), 245 },
>> { SCMP_SYS(mmap2), 245 },
>> { SCMP_SYS(sigprocmask), 245 },
>> -#endif
>> { SCMP_SYS(sched_getparam), 245 },
>> { SCMP_SYS(sched_getscheduler), 245 },
>> { SCMP_SYS(fstat), 245 },
>> @@ -145,9 +137,7 @@ static const struct QemuSeccompSyscall
>> seccomp_whitelist[] = { { SCMP_SYS(epoll_create), 242 },
>> { SCMP_SYS(epoll_ctl), 242 },
>> { SCMP_SYS(epoll_wait), 242 },
>> -#if defined(__i386__)
>> { SCMP_SYS(waitpid), 242 },
>> -#elif defined(__x86_64__)
>> { SCMP_SYS(getsockname), 242 },
>> { SCMP_SYS(getpeername), 242 },
>> { SCMP_SYS(accept4), 242 },
>> @@ -159,7 +149,6 @@ static const struct QemuSeccompSyscall
>> seccomp_whitelist[] = { { SCMP_SYS(semtimedop), 241 },
>> { SCMP_SYS(epoll_ctl_old), 241 },
>> { SCMP_SYS(epoll_wait_old), 241 },
>> -#endif
>> { SCMP_SYS(epoll_pwait), 241 },
>> { SCMP_SYS(epoll_create1), 241 },
>> { SCMP_SYS(ppoll), 241 },
>> @@ -174,7 +163,6 @@ static const struct QemuSeccompSyscall
>> seccomp_whitelist[] = { { SCMP_SYS(getresuid), 241 },
>> { SCMP_SYS(getresgid), 241 },
>> { SCMP_SYS(getgroups), 241 },
>> -#if defined(__i386__)
>> { SCMP_SYS(getresuid32), 241 },
>> { SCMP_SYS(getresgid32), 241 },
>> { SCMP_SYS(getgroups32), 241 },
>> @@ -193,7 +181,6 @@ static const struct QemuSeccompSyscall
>> seccomp_whitelist[] = { { SCMP_SYS(lstat64), 241 },
>> { SCMP_SYS(sendfile64), 241 },
>> { SCMP_SYS(ugetrlimit), 241 },
>> -#endif
>> { SCMP_SYS(alarm), 241 },
>> { SCMP_SYS(rt_sigsuspend), 241 },
>> { SCMP_SYS(rt_sigqueueinfo), 241 },
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-16 17:45 ` Eduardo Otubo
@ 2013-07-16 17:49 ` Paolo Bonzini
2013-07-16 18:55 ` Eduardo Otubo
2013-07-22 19:48 ` Eduardo Otubo
0 siblings, 2 replies; 22+ messages in thread
From: Paolo Bonzini @ 2013-07-16 17:49 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: pmoore, coreyb, qemu-devel
Il 16/07/2013 19:45, Eduardo Otubo ha scritto:
>>>
>>> - { SCMP_SYS(ugetrlimit), 241 },
>>
>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
>> calls it?
>
> It seems to be a glibc's wrapper, yes. Removing it anyway.
Why if Xen uses it?
Paolo
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-16 17:49 ` Paolo Bonzini
@ 2013-07-16 18:55 ` Eduardo Otubo
2013-07-16 19:15 ` Paolo Bonzini
2013-07-22 19:48 ` Eduardo Otubo
1 sibling, 1 reply; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-16 18:55 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: pmoore, coreyb, qemu-devel
On 07/16/2013 02:49 PM, Paolo Bonzini wrote:
> Il 16/07/2013 19:45, Eduardo Otubo ha scritto:
>>>>
>>>> - { SCMP_SYS(ugetrlimit), 241 },
>>>
>>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
>>> calls it?
>>
>> It seems to be a glibc's wrapper, yes. Removing it anyway.
>
> Why if Xen uses it?
I'm doing virt-test runs since yesterday, it seems it doesn't use it.
>
> Paolo
>
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-16 18:55 ` Eduardo Otubo
@ 2013-07-16 19:15 ` Paolo Bonzini
0 siblings, 0 replies; 22+ messages in thread
From: Paolo Bonzini @ 2013-07-16 19:15 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: pmoore, coreyb, qemu-devel
Il 16/07/2013 20:55, Eduardo Otubo ha scritto:
>>>>
>>>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
>>>> calls it?
>>>
>>> It seems to be a glibc's wrapper, yes. Removing it anyway.
>>
>> Why if Xen uses it?
>
> I'm doing virt-test runs since yesterday, it seems it doesn't use it.
Did you test Xen, too?
Paolo
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist
2013-07-16 17:49 ` Paolo Bonzini
2013-07-16 18:55 ` Eduardo Otubo
@ 2013-07-22 19:48 ` Eduardo Otubo
1 sibling, 0 replies; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-22 19:48 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: pmoore, coreyb, qemu-devel
Ended up my tests were inconclusive. So removing this one from this patch.
Resubmited a v3 without it.
Thanks for pointing that.
On 07/16/2013 02:49 PM, Paolo Bonzini wrote:
> Il 16/07/2013 19:45, Eduardo Otubo ha scritto:
>>>>
>>>> - { SCMP_SYS(ugetrlimit), 241 },
>>>
>>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper
>>> calls it?
>>
>> It seems to be a glibc's wrapper, yes. Removing it anyway.
>
> Why if Xen uses it?
>
> Paolo
>
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 21:31 ` Peter Maydell
@ 2013-07-18 21:34 ` Paul Moore
0 siblings, 0 replies; 22+ messages in thread
From: Paul Moore @ 2013-07-18 21:34 UTC (permalink / raw)
To: Peter Maydell
Cc: Paolo Bonzini, coreyb, qemu-devel, Anthony Liguori, Eduardo Otubo
On Thursday, July 18, 2013 10:31:46 PM Peter Maydell wrote:
> On 18 July 2013 21:05, Paul Moore <pmoore@redhat.com> wrote:
> > On Thursday, July 18, 2013 08:48:10 PM Peter Maydell wrote:
> >> On 18 July 2013 20:39, Paul Moore <pmoore@redhat.com> wrote:
> >> > On the plus side, I think libseccomp is very close to being pretty much
> >> > feature complete (excluding new architectures that may pop up, at
> >> > present
> >> > we are only x86, x86_64, x32, and ARM)
> >>
> >> ...AArch64 ? :-)
> >
> > Not yet, just 32-bit ARM EABI.
> >
> > If you've got a working system and are willing to so some hacking or run
> > some tests we could work on it for a future libseccomp release. An
> > emulated AArch64 VM would also work, but that route can be slow/annoying.
>
> Simulators are all we have right now (we're juuust getting to the
> point where hardware is starting to become available). I wasn't
> being serious really, though I'm sure somebody (possibly even
> somebody at Red Hat :-)) will work around to it at some point.
Regardless, consider it a standing offer.
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 20:05 ` Paul Moore
@ 2013-07-18 21:31 ` Peter Maydell
2013-07-18 21:34 ` Paul Moore
0 siblings, 1 reply; 22+ messages in thread
From: Peter Maydell @ 2013-07-18 21:31 UTC (permalink / raw)
To: Paul Moore
Cc: Paolo Bonzini, coreyb, qemu-devel, Anthony Liguori, Eduardo Otubo
On 18 July 2013 21:05, Paul Moore <pmoore@redhat.com> wrote:
> On Thursday, July 18, 2013 08:48:10 PM Peter Maydell wrote:
>> On 18 July 2013 20:39, Paul Moore <pmoore@redhat.com> wrote:
>> > On the plus side, I think libseccomp is very close to being pretty much
>> > feature complete (excluding new architectures that may pop up, at present
>> > we are only x86, x86_64, x32, and ARM)
>>
>> ...AArch64 ? :-)
>>
>
> Not yet, just 32-bit ARM EABI.
>
> If you've got a working system and are willing to so some hacking or run some
> tests we could work on it for a future libseccomp release. An emulated
> AArch64 VM would also work, but that route can be slow/annoying.
Simulators are all we have right now (we're juuust getting to the
point where hardware is starting to become available). I wasn't
being serious really, though I'm sure somebody (possibly even
somebody at Red Hat :-)) will work around to it at some point.
-- PMM
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 19:48 ` Peter Maydell
@ 2013-07-18 20:05 ` Paul Moore
2013-07-18 21:31 ` Peter Maydell
0 siblings, 1 reply; 22+ messages in thread
From: Paul Moore @ 2013-07-18 20:05 UTC (permalink / raw)
To: Peter Maydell
Cc: Paolo Bonzini, coreyb, qemu-devel, Anthony Liguori, Eduardo Otubo
On Thursday, July 18, 2013 08:48:10 PM Peter Maydell wrote:
> On 18 July 2013 20:39, Paul Moore <pmoore@redhat.com> wrote:
> > On the plus side, I think libseccomp is very close to being pretty much
> > feature complete (excluding new architectures that may pop up, at present
> > we are only x86, x86_64, x32, and ARM)
>
> ...AArch64 ? :-)
>
Not yet, just 32-bit ARM EABI.
If you've got a working system and are willing to so some hacking or run some
tests we could work on it for a future libseccomp release. An emulated
AArch64 VM would also work, but that route can be slow/annoying.
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 19:39 ` Paul Moore
@ 2013-07-18 19:48 ` Peter Maydell
2013-07-18 20:05 ` Paul Moore
0 siblings, 1 reply; 22+ messages in thread
From: Peter Maydell @ 2013-07-18 19:48 UTC (permalink / raw)
To: Paul Moore
Cc: Paolo Bonzini, coreyb, qemu-devel, Anthony Liguori, Eduardo Otubo
On 18 July 2013 20:39, Paul Moore <pmoore@redhat.com> wrote:
> On the plus side, I think libseccomp is very close to being pretty much
> feature complete (excluding new architectures that may pop up, at present we
> are only x86, x86_64, x32, and ARM)
...AArch64 ? :-)
-- PMM
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 16:37 ` Paolo Bonzini
@ 2013-07-18 19:39 ` Paul Moore
2013-07-18 19:48 ` Peter Maydell
0 siblings, 1 reply; 22+ messages in thread
From: Paul Moore @ 2013-07-18 19:39 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: coreyb, qemu-devel, Anthony Liguori, Eduardo Otubo
On Thursday, July 18, 2013 06:37:15 PM Paolo Bonzini wrote:
> Il 18/07/2013 18:35, Eduardo Otubo ha scritto:
> > On 07/18/2013 01:28 PM, Anthony Liguori wrote:
> >> Eduardo Otubo <otubo@linux.vnet.ibm.com> writes:
> >>> Hello all,
> >>
> >>> In this small patch series I basically:
> >> Cover letter should be marked [PATCH 0/2]. Otherwise it defeats
> >> filtering.
> >>
> >> Would like to see a Reviewed-by from someone before applying this.
> >
> > I'm running some tests with qemu && xen, I'll post a v3 by the end of
> > the day. I'll format the cover letter in the correct way next time.
>
> I feel that, at some point, grep and code review must trump experiments...
>
> Paul, how did you guys handle this in other projects?
To the best of my knowledge QEMU currently stands alone with its complexity
and use of seccomp filtering. There are other applications, but they are
either of the syscall sandboxing type where the users define the filters, or
the rigid, smaller, well defined filter type. QEMU is both large and has a
huge number of options which affect the syscalls used.
At some point it would be nice to develop a mechanism to do some static
analysis on a binary and its associated libraries to come up with a worst case
filter (worst case because you might not want all the syscalls that a library
uses, e.g. glibc). Unfortunately, we don't have such a tool the moment - it's
hard enough generating correct filters with a nice architecture agnostic
manner :)
On the plus side, I think libseccomp is very close to being pretty much
feature complete (excluding new architectures that may pop up, at present we
are only x86, x86_64, x32, and ARM) so I'll be able to start turning some
effort towards better tools and patches for existing applications.
--
paul moore
security and virtualization @ redhat
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 16:35 ` Eduardo Otubo
@ 2013-07-18 16:37 ` Paolo Bonzini
2013-07-18 19:39 ` Paul Moore
0 siblings, 1 reply; 22+ messages in thread
From: Paolo Bonzini @ 2013-07-18 16:37 UTC (permalink / raw)
To: Eduardo Otubo; +Cc: pmoore, coreyb, qemu-devel, Anthony Liguori
Il 18/07/2013 18:35, Eduardo Otubo ha scritto:
>
>
> On 07/18/2013 01:28 PM, Anthony Liguori wrote:
>> Eduardo Otubo <otubo@linux.vnet.ibm.com> writes:
>>
>>> Hello all,
>>>
>>> In this small patch series I basically:
>>
>> Cover letter should be marked [PATCH 0/2]. Otherwise it defeats
>> filtering.
>>
>> Would like to see a Reviewed-by from someone before applying this.
>
> I'm running some tests with qemu && xen, I'll post a v3 by the end of
> the day. I'll format the cover letter in the correct way next time.
I feel that, at some point, grep and code review must trump experiments...
Paul, how did you guys handle this in other projects?
Paolo
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-18 16:28 ` Anthony Liguori
@ 2013-07-18 16:35 ` Eduardo Otubo
2013-07-18 16:37 ` Paolo Bonzini
0 siblings, 1 reply; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-18 16:35 UTC (permalink / raw)
To: Anthony Liguori; +Cc: pmoore, pbonzini, coreyb, qemu-devel
On 07/18/2013 01:28 PM, Anthony Liguori wrote:
> Eduardo Otubo <otubo@linux.vnet.ibm.com> writes:
>
>> Hello all,
>>
>> In this small patch series I basically:
>
> Cover letter should be marked [PATCH 0/2]. Otherwise it defeats
> filtering.
>
> Would like to see a Reviewed-by from someone before applying this.
I'm running some tests with qemu && xen, I'll post a v3 by the end of
the day. I'll format the cover letter in the correct way next time.
Thanks,
>
> Regards,
>
> Anthony Liguori
>
>>
>> v2 update:
>> - set libseccomp 2.1.0 as requirement on configure script.
>> - removed setrlimit and added sendfile64 to the whitelist.
>>
>> 1) Remove the ifdef's for the (not so) new libseccomp version that does a
>> best effort and translates x86_32 syscalls into x86_64 when possible.
>>
>> 2) Remove unused syscalls on the seccomp whitelist. For that removal, I've been
>> running several instances of Qemu using a script written on top of
>> virt-test[0]. After some weeks testing I could come up with this small list,
>> and safely remove them without breaking anything.
>>
>> [0] - https://github.com/autotest/virt-test/wiki
>
--
Eduardo Otubo
IBM Linux Technology Center
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [Qemu-devel] seccomp: remove unused syscalls - for 1.6
2013-07-16 18:07 Eduardo Otubo
@ 2013-07-18 16:28 ` Anthony Liguori
2013-07-18 16:35 ` Eduardo Otubo
0 siblings, 1 reply; 22+ messages in thread
From: Anthony Liguori @ 2013-07-18 16:28 UTC (permalink / raw)
To: Eduardo Otubo, qemu-devel; +Cc: pmoore, pbonzini, coreyb
Eduardo Otubo <otubo@linux.vnet.ibm.com> writes:
> Hello all,
>
> In this small patch series I basically:
Cover letter should be marked [PATCH 0/2]. Otherwise it defeats
filtering.
Would like to see a Reviewed-by from someone before applying this.
Regards,
Anthony Liguori
>
> v2 update:
> - set libseccomp 2.1.0 as requirement on configure script.
> - removed setrlimit and added sendfile64 to the whitelist.
>
> 1) Remove the ifdef's for the (not so) new libseccomp version that does a
> best effort and translates x86_32 syscalls into x86_64 when possible.
>
> 2) Remove unused syscalls on the seccomp whitelist. For that removal, I've been
> running several instances of Qemu using a script written on top of
> virt-test[0]. After some weeks testing I could come up with this small list,
> and safely remove them without breaking anything.
>
> [0] - https://github.com/autotest/virt-test/wiki
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Qemu-devel] seccomp: remove unused syscalls - for 1.6
@ 2013-07-16 18:07 Eduardo Otubo
2013-07-18 16:28 ` Anthony Liguori
0 siblings, 1 reply; 22+ messages in thread
From: Eduardo Otubo @ 2013-07-16 18:07 UTC (permalink / raw)
To: qemu-devel; +Cc: pmoore, pbonzini, coreyb
Hello all,
In this small patch series I basically:
v2 update:
- set libseccomp 2.1.0 as requirement on configure script.
- removed setrlimit and added sendfile64 to the whitelist.
1) Remove the ifdef's for the (not so) new libseccomp version that does a
best effort and translates x86_32 syscalls into x86_64 when possible.
2) Remove unused syscalls on the seccomp whitelist. For that removal, I've been
running several instances of Qemu using a script written on top of
virt-test[0]. After some weeks testing I could come up with this small list,
and safely remove them without breaking anything.
[0] - https://github.com/autotest/virt-test/wiki
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2013-07-22 19:48 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-15 17:29 [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 1/2] seccomp: no need to check arch in syscall whitelist Eduardo Otubo
2013-07-15 18:55 ` Paul Moore
2013-07-16 17:46 ` Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] [PATCH 2/2] seccomp: removing unused syscalls gtom whitelist Eduardo Otubo
2013-07-15 17:35 ` Eduardo Otubo
2013-07-15 20:57 ` Paolo Bonzini
2013-07-16 17:45 ` Eduardo Otubo
2013-07-16 17:49 ` Paolo Bonzini
2013-07-16 18:55 ` Eduardo Otubo
2013-07-16 19:15 ` Paolo Bonzini
2013-07-22 19:48 ` Eduardo Otubo
2013-07-15 17:29 ` [Qemu-devel] seccomp: remove unused syscalls - for 1.6 Eduardo Otubo
2013-07-16 18:07 Eduardo Otubo
2013-07-18 16:28 ` Anthony Liguori
2013-07-18 16:35 ` Eduardo Otubo
2013-07-18 16:37 ` Paolo Bonzini
2013-07-18 19:39 ` Paul Moore
2013-07-18 19:48 ` Peter Maydell
2013-07-18 20:05 ` Paul Moore
2013-07-18 21:31 ` Peter Maydell
2013-07-18 21:34 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.