
List:       fedora-devel-list
Subject:    Re: Restricting automounting of uncommon filesystems?
From:       "Smith, Stewart via devel" <devel () lists ! fedoraproject ! org>
Date:       2023-07-30 18:59:21
Message-ID: EA67D10F-DF80-4CAF-975B-BC225FB24B48 () amazon ! com

On Jul 24, 2023, at 7:47 AM, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Mon, Jul 24, 2023 at 10:08:50AM -0400, Demi Marie Obenour wrote:
>> I saw that libguestfs has a guestmount(1) tool, and I think this could be
>> a potential solution.  An exploit against the kernel FS driver would only
>> grant access to a KVM guest, and the QEMU process can be tightly sandboxed
>> by means such as seccomp and SELinux.
>
> Right.  guestmount does however use an unholy combination of FUSE and
> proxying requests through the KVM guest so this wouldn't be very fast :-/

OTOH it may be fine for the overwhelming majority of use cases, and the tradeoff of better hardened systems could also be worth it.

I've seen more than one implementation of "Run a Linux container on macOS" that ends up using ssh for the console and sshfs as the way to get data back and forth… and people seem to be fine with it.

