spender-sandbox
commented
8 years ago What was the user-visible impact of not having the call in there?
-Brad
Open sempervictus opened 8 years ago
spender-sandbox
commented
8 years ago What was the user-visible impact of not having the call in there?
-Brad
sempervictus
commented
7 years ago Cuckoo would hang eternally waiting for the VM to be started by an outside actor. Guess not a lot of folks use KVM, which is odd since vbox won't run with most grsec/pax protections. Actually this hackery could use some exception handling around VM state, but has been working fine so far.
On Nov 26, 2016 8:15 AM, "Brad Spengler" notifications@github.com wrote:
What was the user-visible impact of not having the call in there?
-Brad
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/spender-sandbox/cuckoo-modified/pull/379#issuecomment-263062925, or mute the thread https://github.com/notifications/unsubscribe-auth/ABRPjCJUiwgbbdcHISAyeh-imcrMuRksks5rCDDpgaJpZM4K823w .
spender-sandbox
commented
7 years ago Is it libvirt version-specific? I've definitely used KVM extensively with cuckoo without any problems, and know of many others with the same experience. So I'd like to understand more about why we would need this change.
-Brad
doomedraven
commented
7 years ago My friends and I use kvm for long time with no errors/mods required also
sempervictus
commented
7 years ago I imagine most people probably take live-state snapshots and relying on libvirt to start the instance for them when instantiating one. I've been mostly using offline snaps since they dont register a relative boot time of prior to snapshot creation and just look like a freshly started host from the heuristic pespective.
Along this train of thought, i've updated the PR to check VM power state after snapshot instantiation, and only attempt to create the domain if its still off under the premise that live snapshots would have turned it on already. Internal testing in live and offline snapshot use cases seems fine - hasn't blown up yet.
KillerInstinct
commented
7 years ago How does cuckoo work if you don't take the snapshot with a running VM?
sempervictus
commented
5 years ago @KillerInstinct - boot-time automation via cloud-init, Chef, etc. Simulates a freshly started machine opening a browser and downloading "bad stuff." Sorry for the 2y lag on response there, fail on my part.
doomedraven
commented
5 years ago Repo is dead
sempervictus
commented
5 years ago Yeah, I know, was digging around for something else and ran across this thread again. Thanks for the heads up though.
Currently, LibVirt machinery can determine the snapshot and revert the VM state to it, but it jumps straight to waiting for a state change without actually issuing a create call to the domain being used.
Add a single line to call self.vms[label].create() after resolving the snapshot state and prior to entering the wait state.