From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xenproject.org
Cc: "Anthony Perard" <anthony.perard@citrix.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Ian Jackson" <Ian.Jackson@eu.citrix.com>,
"Wei Liu" <wei.liu2@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH for-4.12 v2 0/8] tools: Depriv fd checking, internal fd access
Date: Mon, 11 Jun 2018 15:13:16 +0100 [thread overview]
Message-ID: <1528726404-14924-1-git-send-email-ian.jackson@eu.citrix.com> (raw)
From: Ian Jackson <Ian.Jackson@eu.citrix.com>
This series provides the support in xen.git for auditing whether qemu
file descriptors are deprivileged, as expected with libxl
dm_restrict=1.
The approach I have chosen is to fish the descriptors out of qemu (by
using debugging facilities), and try to make hypercalls etc. using
them.
To take making a hypercall as an example: this is not easily done
without libxc. So I need to make libxc make a hypercall with a
different fd - actually, a different open-file. I do this by using
dup2 to overwrite libxc's fd with the one stolen from qemu. That
means I need to know libxc's fd number. Hence the handle access
patches in this series.
Compared to v2, this fixes the issues identified, and also, as
promised, introduces the actual descriptor checking utility here in
xen.git. Building it out-of-tree is quite tiresome and anyway the
utility might be useful for other purposes.
This is not 4.11 material. qemu depriv is not covered by support in
4.11 anyway. In 4.12 I want it to be supported, and, therefore,
tested and audited. If it becomes fully supported there, it might be
worth backporting some of these patches.
The utility `fishdescriptor', referred to, is part of the Debian
package chiark-scripts.deb. A newish version of that package is
needed. That will be dealt with fully in the corresponding osstest
patches.
Ian Jackson (8):
libxc: Drop declarations of osdep_privcmd_open and _close
libxc: Provide access to internal handles
tools: xencall, xengnttab, xengntshr: Provide access to internal fds
libxl: Provide better error message when qemu restrict user not found
tools/tests/depriv: New test utility for deprivilege auditing
tools/tests: Allow a test subdir to have `install' and `uninstall'
targets
tools/tests/depriv: Install depriv-fd-checker in our private libexec
directory
tools/tests/depriv-fd-checker: Support checking of Linux tun devices
.gitignore | 1 +
tools/libs/call/core.c | 5 +
tools/libs/call/include/xencall.h | 8 +
tools/libs/call/libxencall.map | 6 +
tools/libs/gnttab/gntshr_core.c | 6 +
tools/libs/gnttab/gnttab_core.c | 5 +
tools/libs/gnttab/include/xengnttab.h | 17 ++
tools/libs/gnttab/libxengnttab.map | 6 +
tools/libxc/include/xenctrl.h | 10 +
tools/libxc/xc_private.c | 15 ++
tools/libxc/xc_private.h | 3 -
tools/libxl/libxl_dm.c | 5 +-
tools/tests/Makefile | 7 +-
tools/tests/depriv/Makefile | 51 ++++
tools/tests/depriv/depriv-fd-checker.c | 433 +++++++++++++++++++++++++++++++++
tools/tests/mce-test/Makefile | 2 +
tools/tests/mem-sharing/Makefile | 2 +
tools/tests/xen-access/Makefile | 2 +
tools/tests/xenstore/Makefile | 2 +
19 files changed, 576 insertions(+), 10 deletions(-)
create mode 100644 tools/tests/depriv/Makefile
create mode 100644 tools/tests/depriv/depriv-fd-checker.c
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next reply other threads:[~2018-06-11 14:13 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-11 14:13 Ian Jackson [this message]
2018-06-11 14:13 ` [PATCH v2 1/8] libxc: Drop declarations of osdep_privcmd_open and _close Ian Jackson
2018-06-11 14:13 ` [PATCH v2 2/8] libxc: Provide access to internal handles Ian Jackson
2018-06-11 17:08 ` Roger Pau Monné
2018-06-11 14:13 ` [PATCH v2 3/8] tools: xencall, xengnttab, xengntshr: Provide access to internal fds Ian Jackson
2018-06-11 16:59 ` Roger Pau Monné
2018-06-11 17:11 ` Ian Jackson
2018-06-27 13:43 ` Wei Liu
2018-06-11 14:13 ` [PATCH v2 4/8] libxl: Provide better error message when qemu restrict user not found Ian Jackson
2018-06-11 14:13 ` [PATCH v2 5/8] tools/tests/depriv: New test utility for deprivilege auditing Ian Jackson
2018-06-27 13:54 ` Wei Liu
2018-06-11 14:13 ` [PATCH v2 6/8] tools/tests: Allow a test subdir to have `install' and `uninstall' targets Ian Jackson
2018-06-11 17:18 ` Roger Pau Monné
2018-06-27 13:43 ` Wei Liu
2018-06-11 14:13 ` [PATCH v2 7/8] tools/tests/depriv: Install depriv-fd-checker in our private libexec directory Ian Jackson
2018-06-11 17:23 ` Roger Pau Monné
2018-06-27 13:43 ` Wei Liu
2018-06-11 14:13 ` [PATCH v2 8/8] tools/tests/depriv-fd-checker: Support checking of Linux tun devices Ian Jackson
2018-06-27 13:55 ` Wei Liu
2018-06-27 14:07 ` Ian Jackson
2018-06-28 7:30 ` Wei Liu
2018-07-04 16:26 ` [PATCH v4 3/8] tools: xencall, xengnttab, xengntshr: Provide access to internal fds Ian Jackson
2018-07-05 7:49 ` Roger Pau Monné
2018-07-05 8:02 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1528726404-14924-1-git-send-email-ian.jackson@eu.citrix.com \
--to=ian.jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@citrix.com \
--cc=roger.pau@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.