|
| From: | Eduardo Otubo |
| Subject: | Re: [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support |
| Date: | Wed, 09 Oct 2013 10:11:08 -0300 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130806 Thunderbird/17.0.8 |
On 10/08/2013 11:05 PM, Eric Blake wrote:
On 10/08/2013 06:42 PM, Eduardo Otubo wrote:v3: The "-netdev tap" option is checked in the vl.c file during the process of the command line argument list. It sets tap_enabled to true or false according to the configuration found. Later at the seccomp filter installation, this value is checked wheter to install or not thiss/wheter/whether/
Thank you.
feature. Adding a system call blacklist right before the vcpus starts. This filter is composed by the system calls that can't be executed after the guests are up. This list should be refined as whitelist is, with as much testing as we can do using virt-test. Signed-off-by: Eduardo Otubo <address@hidden> --- include/sysemu/seccomp.h | 6 ++++- qemu-seccomp.c | 64 +++++++++++++++++++++++++++++++++++++++--------- vl.c | 21 +++++++++++++++- 3 files changed, 77 insertions(+), 14 deletions(-)No review on the actual patch, just spotting a typo.
-- Eduardo Otubo IBM Linux Technology Center
| [Prev in Thread] | Current Thread | [Next in Thread] |