Re: [Qemu-devel] [PATCHv2 2/3] seccomp: adding command line support for

From: Paul Moore
Subject: Re: [Qemu-devel] [PATCHv2 2/3] seccomp: adding command line support for blacklist
Date: Wed, 18 Sep 2013 11:53:09 -0400
User-agent: KMail/4.11.1 (Linux/3.10.11-gentoo; KDE/4.11.1; x86_64; ; )

On Wednesday, September 18, 2013 08:38:17 AM Daniel P. Berrange wrote:
> Libvirt does not want to be in the business of creating seccomp syscall
> filters for QEMU. As mentioned before, IMHO that places an unacceptable
> burden on libvirt to know about the syscalls each particular version
> of QEMU requires for its operation.

At a high level, I don't see how libvirt configuring and installing a syscall 
filter is substantially different from libvirt configuring and installing a 
network filter.

Also, and I recognize this is diverting away from a topic most of qemu-devel 
is not interested in, what about libvirt-lxc?  What about all of the other 
virtualization drivers supported by libvirt (granted, not all would be 
candidates for syscall filtering, but you get the idea).

paul moore
security and virtualization @ redhat
