qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as deafult

From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as deafult
Date: Wed, 21 Nov 2012 16:20:27 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121025 Thunderbird/16.0.2 
Am 12.11.2012 20:48, schrieb Eduardo Otubo:
> Now the seccomp filter will be set to "on" even if no argument
> "-sandbox" is given.
> 
> v3: * Introduced seccomp_states enum and new functions named
>       seccomp_set_state() and seccomp_get_state()
>      (address@hidden).
>     * Merged seccomp_start() and install_seccomp_filter(),
>       moved install_seccomp_filter() to qemu-seccomp.c,
>       and renamed it.
>     * Moved CONFIG_SECCOMP pre-processor checks from Makefile.objs
>       to qemu-seccomp.c.
>     * Replace qerror_report with fprintf(stderr, "..") in main()
>       (address@hidden).
> 
> Note: This support requires libseccomp.  If you don't have access
> to libseccomp packages, you can manually build with the following
> steps:
> 
>   1) git clone git://git.code.sf.net/p/libseccomp/libseccomp
>   2) cd libseccomp
>   3) ./configure
>   4) make
>   5) make install
>   6) export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"

To my understanding libseccomp specifically filters Linux syscalls, no?
Are you positive that building and enabling this by default works with
mingw32, bsd, darwin, etc. and makes sense?

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
reply via email to
[Prev in Thread] Current Thread [Next in Thread]