[ovs-dev] [PATCH 0/3][RFC] Implement a chroot for ovsdb-server

Flavio Leitner fbl at redhat.com
Thu Jul 17 12:17:14 UTC 2014


On Thu, Jul 17, 2014 at 08:35:04AM +0200, Eric Sesterhenn wrote:
> On 07/16/2014 08:04 PM, Ben Pfaff wrote:
> > On Wed, Jul 16, 2014 at 02:53:37PM -0300, Flavio Leitner wrote:
> >> On Wed, Jul 16, 2014 at 09:56:20AM -0700, Ben Pfaff wrote:
> >>> On Wed, Jul 16, 2014 at 10:39:17AM -0300, Flavio Leitner wrote:
> >>> There's more than one way to chroot.  Maybe Eric is thinking of a
> >>> model where one chroots to an empty directory, after opening all the
> >>> files that one needs.  But I don't think he really explained the
> >>> model.
> >>
> >> That's true and it looks like ovsdb-server doesn't need to re-open it.
> >>
> >> But that apparently won't work for vswitchd without breaking tap
> >> devices support.
> 
> That's the reason why I looked at the ovsdb-server first.
> 
> My intent was to reduce the privileges by putting it into an
> empty chroot, after all required files are opened. In order to make
> sure that an attacker cannot do much inside this chroot, it is checked
> that the chroot is non-writeable.

The problem with enforcing non-writeable chroot is that we lose the
ability to dump a core in case of a problem.  So, I think that could
be a warning or optional, but not enforced as proposed now.

fbl
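
The check debated in this thread, sketched with the non-writable test as a policy choice (enforce or warn only). This is an added example, not code from the patch series or from either poster; `jail_policy`, `check_jail_dir` and `enter_jail` are hypothetical names, and the emptiness test is an assumption drawn from the "empty chroot" description.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for chroot(2) on glibc */
#endif
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; not taken from the patch series. */
enum jail_policy { JAIL_ENFORCE, JAIL_WARN };

/* Return 0 if dir may be used as the chroot, -1 if it must be refused.
 * Mode bits are inspected rather than access(2), because root passes
 * every access() check regardless of the directory's permissions. */
int check_jail_dir(const char *dir, enum jail_policy policy)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                 /* missing, or not a directory */

    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    int entries = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; )
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            entries++;
    closedir(d);
    if (entries > 0)
        return -1;                 /* assumed rule: the chroot is empty */

    if (st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) {
        if (policy == JAIL_ENFORCE)
            return -1;             /* strict: refuse a writable chroot */
        fprintf(stderr, "warning: chroot %s is writable\n", dir);
    }
    return 0;
}

/* Call only after every required file is open. Needs CAP_SYS_CHROOT. */
int enter_jail(const char *dir, enum jail_policy policy)
{
    if (check_jail_dir(dir, policy) != 0)
        return -1;
    return (chroot(dir) == 0 && chdir("/") == 0) ? 0 : -1;
}
```

With `JAIL_WARN` a writable directory is accepted and only logged, which keeps a core dump possible; `JAIL_ENFORCE` gives the strict behaviour.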


