QEMU has a `sandbox` feature, wherein it will use seccomp2 to restrict what system calls it is able to make.
Suggested-by: Ross Lagerwall <[email protected]> Signed-off-by: George Dunlap <[email protected]> --- This can't be checked in as-is, because `-sandbox` support may not have been compiled in. We therefore need to either: 1. Require that this feature be enabled to build qemu 2. Check for `-sandbox` support at runtime before CC: Ian Jackson <[email protected]> CC: Wei Liu <[email protected]> CC: Anthony Perard <[email protected]> CC: Stefano Stabellini <[email protected]> --- tools/libxl/libxl_dm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c index 6733514370..b541c1a55e 100644 --- a/tools/libxl/libxl_dm.c +++ b/tools/libxl/libxl_dm.c @@ -1448,6 +1448,10 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, // Add "-chroot [dir]" to command-line flexarray_append(dm_args, "-chroot"); flexarray_append(dm_args, chroot_dir); + + // Add sandboxing + flexarray_append(dm_args, "-sandbox"); + flexarray_append(dm_args, "on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny"); } if (state->saved_state) { -- 2.18.0
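Review bot: the two new flexarray_append() calls add `-sandbox` unconditionally, while the note under the Signed-off-by line already says the QEMU binary may have been built without `-sandbox` support, in which case the device model will fail to start; before this goes in, the appends need to be gated either by a build-time requirement on seccomp support or by a runtime probe of the configured QEMU binary (option 2 in that note), and a missing sandbox should produce a clear error rather than a silent fall back to an unsandboxed device model. A short comment justifying `elevateprivileges=allow` would also help: the other three filters are `deny`, and the `-chroot` set up in the three context lines above suggests a subsequent privilege drop that needs the set*uid/set*gid calls this setting keeps available, which a later reader will otherwise be tempted to tighten to `deny`. Lastly, the new lines sit inside the block that the following `}` closes, so the sandbox is only applied under whatever condition guards `-chroot`; if seccomp filtering is meant to apply regardless of the chroot, the two appends belong outside that block.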
