[Xen-devel] [OSSTEST PATCH 17/17] dm restrict audit: Document future plans

Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
 ts-depriv-audit-qemu | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ts-depriv-audit-qemu b/ts-depriv-audit-qemu
index 2405b69..81bd5c0 100755
--- a/ts-depriv-audit-qemu
+++ b/ts-depriv-audit-qemu
@@ -56,6 +56,9 @@ END
+    # Ideally we would check other process properties too:
+    # eg, check that qemu has chrooted; check its uid; etc.
 sub packages () {
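Review bot: The new comment ahead of `sub packages ()` ends its list with "etc.", which leaves the scope of the missing checks open. Name the process properties you intend to audit (the comment gives chroot and uid as examples) so a later reader can tell when this TODO is complete. It would also help to state which properties the script checks today, since "other" depends on that and the hunk does not show it.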
@@ -139,6 +142,19 @@ sub mode_ispaused () {
+# In the future when migration works, we would like to audit the qemu
+# receiving the migration stream.  This auditing should be done just
+# before the qemu starts reading the stream, as the stream might be
+# hostile and might be able to take over the receiving qemu.
+# I intend the following approach:
+#    install wrapper script for qemu, which:
+#      looks for  -incoming fd:%d   (libxl_dm.c:1416)
+#       substitutes a pipe which will cause qemu to block
+#       waits a fixed time
+#      maybe checks that qemu is reading that fd somehow
+#      runs the audit and leaves the output somewhere we can find it
+#      arranges for the blocking pipe thing to use cat to unblock qemu
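Review bot: The "waits a fixed time" step in the planned wrapper is a race. The comment wants the audit to run just before qemu starts reading the stream, but a fixed delay can expire before qemu has reached the blocking pipe on a slow or loaded host, so the audit could inspect a process that is not yet in the state you mean to check. Make the "checks that qemu is reading that fd" step the gate rather than a "maybe", with a timeout that fails the test instead of proceeding. Separately, the reference `libxl_dm.c:1416` is a bare line number and will drift as that file changes; citing the function name or a commit would keep it findable.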

Xen-devel mailing list