Re: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as default
From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as default
Date: Wed, 21 Nov 2012 16:20:27 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121025 Thunderbird/16.0.2
On 12.11.2012 20:48, Eduardo Otubo wrote:
> Now the seccomp filter will be set to "on" even if no argument
> "-sandbox" is given.
>
> v3: * Introduced seccomp_states enum and new functions named
> seccomp_set_state() and seccomp_get_state()
> (address@hidden).
> * Merged seccomp_start() and install_seccomp_filter(),
> moved install_seccomp_filter() to qemu-seccomp.c,
> and renamed it.
> * Moved CONFIG_SECCOMP pre-processor checks from Makefile.objs
> to qemu-seccomp.c.
> * Replace qerror_report with fprintf(stderr, "..") in main()
> (address@hidden).
>
> Note: This support requires libseccomp. If you don't have access
> to libseccomp packages, you can manually build with the following
> steps:
>
> 1) git clone git://git.code.sf.net/p/libseccomp/libseccomp
> 2) cd libseccomp
> 3) ./configure
> 4) make
> 5) make install
> 6) export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"
To my understanding libseccomp specifically filters Linux syscalls, no?
Are you positive that building and enabling this by default works with
mingw32, bsd, darwin, etc. and makes sense?
Regards,
Andreas
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg