authorReyk Floeter <reyk@cvs.openbsd.org>2016-10-06 20:41:29 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2016-10-06 20:41:29 +0000
commit8c27114eb450538657497a598fbb1c8789be820b (patch)
tree4e7bc31792c0f8d0d547fb82d7db1ff4de46aa46
parentb06eef083e05ebe2169dfb0ea4667cc30f7b53ae (diff)
Enable pledge(2) in vmm and the VM processes: This way the VMs and
their monitor run in a very restricted environment. VMs only pledge "stdio vmm", which allows them to do most basic functions and a subset of the vmm ioctls (the remaining vmm ioctls are only permitted in the parent). This requires the previous change in the vmm kernel part. OK mlarkin@
-rw-r--r--usr.sbin/vmd/vmm.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/usr.sbin/vmd/vmm.c b/usr.sbin/vmd/vmm.c
index 90c81ef2866..b4ebbb70f38 100644
--- a/usr.sbin/vmd/vmm.c
+++ b/usr.sbin/vmd/vmm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm.c,v 1.48 2016/10/06 18:48:41 reyk Exp $ */
+/* $OpenBSD: vmm.c,v 1.49 2016/10/06 20:41:28 reyk Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@@ -155,7 +155,6 @@ vmm_run(struct privsep *ps, struct privsep_proc *p, void *arg)
signal_set(&ps->ps_evsigchld, SIGCHLD, vmm_sighdlr, ps);
signal_add(&ps->ps_evsigchld, NULL);
-#if 0
/*
* pledge in the vmm process:
* stdio - for malloc and basic I/O including events.
@@ -163,10 +162,8 @@ vmm_run(struct privsep *ps, struct privsep_proc *p, void *arg)
* proc - for forking and maitaining vms.
* recvfd - for disks, interfaces and other fds.
*/
- /* XXX'ed pledge to hide it from grep as long as it's disabled */
- if (XXX("stdio vmm recvfd proc", NULL) == -1)
+ if (pledge("stdio vmm recvfd proc", NULL) == -1)
fatal("pledge");
-#endif
/* Get and terminate all running VMs */
get_info_vm(ps, NULL, 1);
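Review bot: The comment documenting the promises in vmm_run is no longer dead text under `#if 0`, and it has two small inaccuracies: `maitaining` is misspelled, and it lists `proc` before `recvfd` while the call passes `"stdio vmm recvfd proc"`. Suggest `* proc - for forking and maintaining vms.` and ordering the comment lines like the promise string, so someone auditing the promise set can check each entry one to one. The comment begins in the preceding hunk, and vmm_run's body continues outside both.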
@@ -540,15 +537,13 @@ start_vm(struct imsg *imsg, uint32_t *id)
fatal("create vmm ioctl failed - exiting");
}
-#if 0
/*
* pledge in the vm processes:
* stdio - for malloc and basic I/O including events.
* vmm - for the vmm ioctls and operations.
*/
- if (XXX("stdio vmm", NULL) == -1)
+ if (pledge("stdio vmm", NULL) == -1)
fatal("pledge");
-#endif
/*
* Set up default "flat 32 bit" register state - RIP,
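Review bot: The comment above `pledge("stdio vmm", NULL)` in start_vm does not record the ordering constraint this promise set creates. Unlike the vmm process, the VM process gets no `recvfd` and no file-access promises, so every disk, interface or other descriptor it uses has to be in place before this call. I would add a line such as `* All fds and files the VM needs must be set up before this point.` so that later changes do not move initialisation below the pledge. Whether the call sits in the forked child branch cannot be confirmed from here, because start_vm's body begins and ends outside the hunk.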