[Qemu-devel] [PATCHv6 0/6] seccomp: feature refactoring

Eduardo Otubo posted 6 patches 6 years, 6 months ago
Only 5 patches received!
docs/seccomp.txt         |  31 +++++
include/sysemu/seccomp.h |   8 +-
qemu-options.hx          |  26 +++-
qemu-seccomp.c           | 325 ++++++++++++++---------------------------------
vl.c                     |  82 +++++++++++-
5 files changed, 235 insertions(+), 237 deletions(-)
create mode 100644 docs/seccomp.txt
[Qemu-devel] [PATCHv6 0/6] seccomp: feature refactoring
Posted by Eduardo Otubo 6 years, 6 months ago
v6:
    * remove switch-case
    * invert obsolete option logic at vl.c
    * remove debug info
v5:
    * replaced strcmp by g_str_equal
    * removed useless goto
    * fixed style problems

v4:
    * include another field on the struct for the modes
    * remove priority
    * fixed typos
    * error handling for prctl
    * add allow|deny values for all options
    * error hanlding for wrong values for all options
    * change how binary values are treated
    * reformat help text

v3:
    * Style problems fixed

v2:
    * The semantics of the options "allow/deny" instead of booleans "on/off" remains. 
    * Added option 'children' to elevateprivileges
    * Added documentation to docs/

v1:
    * First version based on the discussion
      https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg03348.html

Eduardo Otubo (6):
  seccomp: changing from whitelist to blacklist
  seccomp: add obsolete argument to command line
  seccomp: add elevateprivileges argument to command line
  seccomp: add spawn argument to command line
  seccomp: add resourcecontrol argument to command line
  seccomp: adding documentation to new seccomp model

 docs/seccomp.txt         |  31 +++++
 include/sysemu/seccomp.h |   8 +-
 qemu-options.hx          |  26 +++-
 qemu-seccomp.c           | 325 ++++++++++++++---------------------------------
 vl.c                     |  82 +++++++++++-
 5 files changed, 235 insertions(+), 237 deletions(-)
 create mode 100644 docs/seccomp.txt

-- 
2.13.5


Re: [Qemu-devel] [PATCHv6 0/6] seccomp: feature refactoring
Posted by Eduardo Otubo 6 years, 6 months ago
On Fri, Sep 08, 2017 at 01:44:02PM +0200, Eduardo Otubo wrote:
> v6:
>     * remove switch-case
>     * invert obsolete option logic at vl.c
>     * remove debug info
> v5:
>     * replaced strcmp by g_str_equal
>     * removed useless goto
>     * fixed style problems
> 
> v4:
>     * include another field on the struct for the modes
>     * remove priority
>     * fixed typos
>     * error handling for prctl
>     * add allow|deny values for all options
>     * error hanlding for wrong values for all options
>     * change how binary values are treated
>     * reformat help text
> 
> v3:
>     * Style problems fixed
> 
> v2:
>     * The semantics of the options "allow/deny" instead of booleans "on/off" remains. 
>     * Added option 'children' to elevateprivileges
>     * Added documentation to docs/
> 
> v1:
>     * First version based on the discussion
>       https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg03348.html
> 
> Eduardo Otubo (6):
>   seccomp: changing from whitelist to blacklist
>   seccomp: add obsolete argument to command line
>   seccomp: add elevateprivileges argument to command line
>   seccomp: add spawn argument to command line
>   seccomp: add resourcecontrol argument to command line
>   seccomp: adding documentation to new seccomp model
> 
>  docs/seccomp.txt         |  31 +++++
>  include/sysemu/seccomp.h |   8 +-
>  qemu-options.hx          |  26 +++-
>  qemu-seccomp.c           | 325 ++++++++++++++---------------------------------
>  vl.c                     |  82 +++++++++++-
>  5 files changed, 235 insertions(+), 237 deletions(-)
>  create mode 100644 docs/seccomp.txt
> 
> -- 
> 2.13.5
> 
> 

Daniel or anyone else interested in reviewing, any comment left for
this patchset? If not I'll send the pull request tomorrow.

Best regards,

-- 
Eduardo Otubo
Senior Software Engineer @ RedHat

Re: [Qemu-devel] [PATCHv6 0/6] seccomp: feature refactoring
Posted by Daniel P. Berrange 6 years, 6 months ago
On Thu, Sep 14, 2017 at 05:32:15PM +0200, Eduardo Otubo wrote:
> On Fri, Sep 08, 2017 at 01:44:02PM +0200, Eduardo Otubo wrote:
> > v6:
> >     * remove switch-case
> >     * invert obsolete option logic at vl.c
> >     * remove debug info
> > v5:
> >     * replaced strcmp by g_str_equal
> >     * removed useless goto
> >     * fixed style problems
> > 
> > v4:
> >     * include another field on the struct for the modes
> >     * remove priority
> >     * fixed typos
> >     * error handling for prctl
> >     * add allow|deny values for all options
> >     * error hanlding for wrong values for all options
> >     * change how binary values are treated
> >     * reformat help text
> > 
> > v3:
> >     * Style problems fixed
> > 
> > v2:
> >     * The semantics of the options "allow/deny" instead of booleans "on/off" remains. 
> >     * Added option 'children' to elevateprivileges
> >     * Added documentation to docs/
> > 
> > v1:
> >     * First version based on the discussion
> >       https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg03348.html
> > 
> > Eduardo Otubo (6):
> >   seccomp: changing from whitelist to blacklist
> >   seccomp: add obsolete argument to command line
> >   seccomp: add elevateprivileges argument to command line
> >   seccomp: add spawn argument to command line
> >   seccomp: add resourcecontrol argument to command line
> >   seccomp: adding documentation to new seccomp model
> > 
> >  docs/seccomp.txt         |  31 +++++
> >  include/sysemu/seccomp.h |   8 +-
> >  qemu-options.hx          |  26 +++-
> >  qemu-seccomp.c           | 325 ++++++++++++++---------------------------------
> >  vl.c                     |  82 +++++++++++-
> >  5 files changed, 235 insertions(+), 237 deletions(-)
> >  create mode 100644 docs/seccomp.txt
> > 
> > -- 
> > 2.13.5
> > 
> > 
> 
> Daniel or anyone else interested in reviewing, any comment left for
> this patchset? If not I'll send the pull request tomorrow.

Only one trivial bug in patch 2 - just fix it when sending the pull
request - no need for more review.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|