[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCHv2 0/4] qemu: enable sandbox whitelist by default



On Tue, Apr 10, 2018 at 04:49:38PM +0200, Ján Tomko wrote:
v1: https://www.redhat.com/archives/libvir-list/2018-March/msg01965.html
https://bugzilla.redhat.com/show_bug.cgi?id=1492597
v2:
* also deny resource control
* split out and refactor the command line building
* be explicit about denying the obsolete syscalls

Ján Tomko (4):
 Introduce QEMU_CAPS_SECCOMP_BLACKLIST
 Introduce qemuBuildSeccompSandboxCommandLine
 Refactor qemuBuildSeccompSandboxCommandLine
 qemu: deny privilege elevation and spawn in seccomp


Thank you for the reviews, I have rebased the patches to get rid of the
old SECCOMP_SANDBOX capability and pushed the series.

Jano

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]