[libvirt] [PATCHv2 0/4] qemu: enable sandbox whitelist by default
Ján Tomko
jtomko at redhat.com
Tue Apr 17 14:34:32 UTC 2018
On Tue, Apr 10, 2018 at 04:49:38PM +0200, Ján Tomko wrote:
>v1: https://www.redhat.com/archives/libvir-list/2018-March/msg01965.html
>https://bugzilla.redhat.com/show_bug.cgi?id=1492597
>v2:
>* also deny resource control
>* split out and refactor the command line building
>* be explicit about denying the obsolete syscalls
>
>Ján Tomko (4):
> Introduce QEMU_CAPS_SECCOMP_BLACKLIST
> Introduce qemuBuildSeccompSandboxCommandLine
> Refactor qemuBuildSeccompSandboxCommandLine
> qemu: deny privilege elevation and spawn in seccomp
>
Thank you for the reviews, I have rebased the patches to get rid of the
old SECCOMP_SANDBOX capability and pushed the series.
Jano