[Lguest] Syscall virtualization

[Earlence Fernandes]

So I have the following idea:

I run the lguest and a userspace which mirrors the host and its userspace.
I then make a copy of the sys_call_table and update the kernel pointer
to the copy. The copy contains stubs which vector syscalls to the ring1
kernel.

This way, if a process of interest (running on host) is context switched
onto the processor (note this is a scheduling switch), then some subset of
its syscalls (say file i/o) is redirected to the lguest kernel.

Why do this instead of simply running the process on lguest itself? I'm
thinking of avoiding porting issues like graphics/rendering related
syscalls. Instead of writing drivers that passthru to the host. Moreover, I
am trying to build a sandbox that protects from certain types of native
code. For example, I trust some portion of native code (of a process) but
not all of it. Thus the syscalls that the untrusted code makes should go
into the ring1 kernel. Example: My process allows the execution of
 downloaded arbitrary native code. This could be a privilege escalation.
Under my model, since this code is downloaded, I don't trust it. Therefore,
its syscalls (the ones that make sense, redirecting fork()/exec doesn't
make sense) that make sense are redirected to a "honeypot" kernel.

Thoughts Welcome.

-Earlence
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/lguest/attachments/20130512/24ae88c5/attachment.html>