On Tue, Apr 10, 2018 at 04:49:38PM +0200, Ján Tomko wrote:
>v1: https://www.redhat.com/archives/libvir-list/2018-March/msg01965.html
>https://bugzilla.redhat.com/show_bug.cgi?id=1492597
>v2:
>* also deny resource control
>* split out and refactor the command line building
>* be explicit about denying the obsolete syscalls
>
>Ján Tomko (4):
> Introduce QEMU_CAPS_SECCOMP_BLACKLIST
> Introduce qemuBuildSeccompSandboxCommandLine
> Refactor qemuBuildSeccompSandboxCommandLine
> qemu: deny privilege elevation and spawn in seccomp
>
Thank you for the reviews, I have rebased the patches to get rid of the
old SECCOMP_SANDBOX capability and pushed the series.
Jano
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list