Ever wondered how to protect your host from malicious activity in vm guests? How to keep parts of the hypervisor running in userspace from being a source of access to underlying host? One of the layers can be sandboxing the hypervisor itself!

I’m pleased to announce that there is a patch in review that adds Capsicum capabilities to bhyve.

The process enters capabilities mode just after generating ACPI tables (bhyve uses external tool for that – iasl(8)) and processing bootrom and framebuffer settings. It aims to limit all descriptors used by the hypervisor in userspace, and for now all but stdin, stdout, stderr are limited that way.

As the patch is still undergoing development, the final revision will have it fixed. You get all the goodies of Capsicum, ie. attacker can’t open new files or sockets, execute anything or write to read-only descriptors. Everything is limited as much as the framework allows. It doesn’t magically fix issues unrelated to Capsicum though.

The patch should apply cleanly on both FreeBSD 11 and 12. All major functions of bhyve have been tested, but I want to ask for additional hands and eyes to help the review and test process. You need to rebuild and reinstall both lib/libvmmapi and usr.sbin/bhyve. After that you can use your favourite tool as usual, there are no options that need to be specified – sandboxing is applied automatically and in case of permission problems you’ll notice the log message.

Was this post helpful to you? Yes!

Leave a comment