author | Reyk Floeter <reyk@cvs.openbsd.org> | 2016-10-06 20:41:29 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2016-10-06 20:41:29 +0000 |
commit | 8c27114eb450538657497a598fbb1c8789be820b (patch) | |
tree | 4e7bc31792c0f8d0d547fb82d7db1ff4de46aa46 | |
parent | b06eef083e05ebe2169dfb0ea4667cc30f7b53ae (diff) |
Enable pledge(2) in vmm and the VM processes: This way the VMs and
their monitor run in a very restricted environment. VMs only pledge
"stdio vmm" which allows them to do most basic functions and a subset
of vmm ioctls (the other part of vmm ioctls are only permitted in the
parent).
This requires the previous change in the vmm kernel part.
OK mlarkin@
-rw-r--r-- | usr.sbin/vmd/vmm.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/usr.sbin/vmd/vmm.c b/usr.sbin/vmd/vmm.c
index 90c81ef2866..b4ebbb70f38 100644
--- a/usr.sbin/vmd/vmm.c
+++ b/usr.sbin/vmd/vmm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm.c,v 1.48 2016/10/06 18:48:41 reyk Exp $ */
+/* $OpenBSD: vmm.c,v 1.49 2016/10/06 20:41:28 reyk Exp $ */
 /*
 * Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@@ -155,7 +155,6 @@ vmm_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 signal_set(&ps->ps_evsigchld, SIGCHLD, vmm_sighdlr, ps);
 signal_add(&ps->ps_evsigchld, NULL);
-#if 0
 /*
 * pledge in the vmm process:
 * stdio - for malloc and basic I/O including events.
@@ -163,10 +162,8 @@ vmm_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 * proc - for forking and maitaining vms.
 * recvfd - for disks, interfaces and other fds.
 */
- /* XXX'ed pledge to hide it from grep as long as it's disabled */
- if (XXX("stdio vmm recvfd proc", NULL) == -1)
+ if (pledge("stdio vmm recvfd proc", NULL) == -1)
 fatal("pledge");
-#endif
 /* Get and terminate all running VMs */
 get_info_vm(ps, NULL, 1);
@@ -540,15 +537,13 @@ start_vm(struct imsg *imsg, uint32_t *id)
 fatal("create vmm ioctl failed - exiting");
 }
-#if 0
 /*
 * pledge in the vm processes:
 * stdio - for malloc and basic I/O including events.
 * vmm - for the vmm ioctls and operations.
 */
- if (XXX("stdio vmm", NULL) == -1)
+ if (pledge("stdio vmm", NULL) == -1)
 fatal("pledge");
-#endif
 /*
 * Set up default "flat 32 bit" register state - RIP, |
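Review bot: The promise comment above `pledge("stdio vmm recvfd proc", NULL)` in vmm_run does not say which promise allows this process to use the vmm ioctls that the commit message describes as parent-only, so a later trim of the promise string could remove that access without any hint in this file, and the `get_info_vm(ps, NULL, 1)` call right after it would be the first thing to fail. If the kernel side keys that distinction on `proc` (the kernel change is not shown here, so this needs confirming), I would extend the line to `* proc - for forking and maintaining vms; also marks the parent for the restricted vmm ioctls.`, which fixes the `maitaining` typo as well. The comment line between the second and third hunks is not shown, and vmm_run starts and ends outside them.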
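Review bot: In start_vm the `pledge("stdio vmm", NULL)` call limits which system calls the VM process can make, but `stdio` still permits read and write on descriptors that are already open, and the hunk does not show whether the VM process (presumably forked from the vmm process) closes what it inherited. I would record that requirement in the comment above the call, for example `* Descriptors inherited from the vmm process that this VM does not need must be closed first; stdio still allows I/O on them.` Both pledge call sites also fail with the same `fatal("pledge")`, so a distinct message here would tell them apart in the logs. start_vm begins before the hunk and continues past it.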