[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox
From: |
Paul Moore |
Subject: |
Re: [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox |
Date: |
Fri, 25 Sep 2015 13:03:03 -0400 |
User-agent: |
KMail/4.14.10 (Linux/4.1.5-gentoo; KDE/4.14.12; x86_64; ; ) |
On Friday, September 25, 2015 12:53:04 AM Namsun Ch'o wrote:
> Another idea which would fit in with the security model is to have a dynamic
> sandbox which enables syscalls and syscall filters based on what command
> line or config parameters are passed to QEMU on its first start.
I've suggested this in the past but to my knowledge no has done any work in
this direction, including myself. Despite the lack of progress, I still think
this is a very worthwhile idea.
--
paul moore
security @ redhat