[snip]
I still don't like using qemu-bridge-helper, but this is better than the
alternative of having qemu call it (although, due to the way that
process capabilities work, we are unable to prevent a rogue qemu
started by unprivileged libvirtd from calling it :-(
Maybe we can introduce a tighter seccomp sandbox environment that
doesn't allow the QEMU process to call exec(), open(), socket() (and
anything else?) on top of the syscalls that are already not included in
the -sandbox whitelist. This would require fds to be passed from
libvirt. Eduardo's going to work on adding functionality in this area
in case you have any suggestions.
--
Regards,
Corey Bryant
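Added example (not code from libvirt, QEMU or anyone on this thread) of the
tighter sandbox sketched above: a raw seccomp BPF filter that denies
open/openat, execve/execveat and socket on top of whatever else is already
filtered, applied in a child process after a "privileged parent" has handed it
an already-open fd. A pipe stands in for the fd libvirt would pass; the denied
syscalls return EPERM rather than killing the process so the effect is
observable in one run (a production filter would more likely use a kill
action); the syscall list, the architecture table and the exit-code encoding
are assumptions made for the demonstration. It shows the property the message
relies on: once exec/open/socket are gone, the process can only use what it
was given.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Syscall numbers are per-ABI, so the filter must check the arch first.
 * Only two entries here; add your own if you run this elsewhere. */
#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Two instructions: if nr == (nr), return EPERM; otherwise fall through. */
#define DENY_SYSCALL(nr)                                                   \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1),                      \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Install the filter in the calling process; 0 on success, -1 on failure. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* Kill outright if the ABI is not the one the numbers below belong to. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_open
        DENY_SYSCALL(__NR_open),       /* glibc's open() may use either one */
#endif
        DENY_SYSCALL(__NR_openat),
        DENY_SYSCALL(__NR_execve),
#ifdef __NR_execveat
        DENY_SYSCALL(__NR_execveat),
#endif
        DENY_SYSCALL(__NR_socket),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* everything else */
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };

    /* Required for an unprivileged process to install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run the checks in a sandboxed child and report what it observed as a bitmask:
 * 1 = open denied, 2 = socket denied, 4 = execve denied, 8 = inherited fd still
 * readable. A fully working sandbox yields 15. Returns a negative value if the
 * child could not be run, and 99 if the filter could not be installed. */
int sandboxed_child_report(void)
{
    static const char msg[] = "passed-fd"; /* constructed sample payload */
    int pfd[2];
    if (pipe(pfd) != 0)
        return -1;
    /* The privileged side (libvirt in the thread) does the setup that needs
     * open/socket, then hands over the descriptor. */
    if (write(pfd[1], msg, sizeof msg) != (ssize_t)sizeof msg)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int report = 0;
        char buf[sizeof msg];
        char *const argv[] = { (char *)"true", NULL };
        if (install_filter() != 0)
            _exit(99);
        if (open("/dev/null", O_RDONLY) == -1 && errno == EPERM)
            report |= 1;
        if (socket(AF_UNIX, SOCK_STREAM, 0) == -1 && errno == EPERM)
            report |= 2;
        /* If this were allowed, the child would become /bin/true and exit 0. */
        if (execve("/bin/true", argv, NULL) == -1 && errno == EPERM)
            report |= 4;
        /* The descriptor opened before the filter keeps working. */
        if (read(pfd[0], buf, sizeof buf) == (ssize_t)sizeof msg &&
            memcmp(buf, msg, sizeof msg) == 0)
            report |= 8;
        _exit(report);
    }

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    close(pfd[0]);
    close(pfd[1]);
    if (!WIFEXITED(status))
        return -2;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = sandboxed_child_report();
    printf("sandbox report: %d (15 means all four checks passed)\n", r);
    return r == 15 ? 0 : 1;
}
```

The arch check at the top is not optional: without it a process that switched
ABI (32-bit syscall numbers on a 64-bit kernel) would be matched against the
wrong numbers, which is exactly the kind of gap that lets the process reach
the syscalls the filter was meant to remove.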
ACK to this patch (I think I would prefer you left the qemuCaps arg in,
but others may disagree with me.)
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list