[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 00/10] Misc next patches
From: |
Daniel P . Berrangé |
Subject: |
[PULL 00/10] Misc next patches |
Date: |
Thu, 17 Feb 2022 11:57:13 +0000 |
The following changes since commit ad38520bdeb2b1e0b487db317f29119e94c1c88d:
Merge remote-tracking branch
'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2022-02-15
19:30:33 +0000)
are available in the Git repository at:
https://gitlab.com/berrange/qemu tags/misc-next-pull-request
for you to fetch changes up to 2720ceda0521bc43139cfdf45e3e470559e11ce3:
docs: expand firmware descriptor to allow flash without NVRAM (2022-02-16
18:53:26 +0000)
----------------------------------------------------------------
This misc series of changes:
- Improves documentation of SSH fingerprint checking
- Fixes SHA256 fingerprints with non-blockdev usage
- Blocks the clone3, setns, unshare & execveat syscalls
with seccomp
- Blocks process spawning via clone syscall, but allows
threads, with seccomp
- Takes over seccomp maintainer role
- Expands firmware descriptor spec to allow flash
without NVRAM
----------------------------------------------------------------
Daniel P. Berrangé (10):
block: better document SSH host key fingerprint checking
block: support sha256 fingerprint with pre-blockdev options
block: print the server key type and fingerprint on failure
seccomp: allow action to be customized per syscall
seccomp: add unit test for seccomp filtering
seccomp: fix blocking of process spawning
seccomp: block use of clone3 syscall
seccomp: block setns, unshare and execveat syscalls
MAINTAINERS: take over seccomp from Eduardo Otubo
docs: expand firmware descriptor to allow flash without NVRAM
MAINTAINERS | 5 +-
block/ssh.c | 42 +++-
docs/interop/firmware.json | 54 ++++-
docs/system/qemu-block-drivers.rst.inc | 30 ++-
softmmu/qemu-seccomp.c | 282 +++++++++++++++++++------
tests/unit/meson.build | 4 +
tests/unit/test-seccomp.c | 269 +++++++++++++++++++++++
7 files changed, 599 insertions(+), 87 deletions(-)
create mode 100644 tests/unit/test-seccomp.c
--
2.34.1
- [PULL 00/10] Misc next patches,
Daniel P . Berrangé <=
- [PULL 01/10] block: better document SSH host key fingerprint checking, Daniel P . Berrangé, 2022/02/17
- [PULL 02/10] block: support sha256 fingerprint with pre-blockdev options, Daniel P . Berrangé, 2022/02/17
- [PULL 03/10] block: print the server key type and fingerprint on failure, Daniel P . Berrangé, 2022/02/17
- [PULL 05/10] seccomp: add unit test for seccomp filtering, Daniel P . Berrangé, 2022/02/17
- [PULL 07/10] seccomp: block use of clone3 syscall, Daniel P . Berrangé, 2022/02/17
- [PULL 06/10] seccomp: fix blocking of process spawning, Daniel P . Berrangé, 2022/02/17
- [PULL 08/10] seccomp: block setns, unshare and execveat syscalls, Daniel P . Berrangé, 2022/02/17
- [PULL 04/10] seccomp: allow action to be customized per syscall, Daniel P . Berrangé, 2022/02/17
- [PULL 09/10] MAINTAINERS: take over seccomp from Eduardo Otubo, Daniel P . Berrangé, 2022/02/17
- [PULL 10/10] docs: expand firmware descriptor to allow flash without NVRAM, Daniel P . Berrangé, 2022/02/17