On Fri, Dec 12, 2014 at 04:24:55PM +0100, Raymond Durand wrote: > Thanks. > > How are the rules managed so as to fit the VM system calls? > Is tuning possible? recommended? QEMU has a built-in policy that adds rules for every conceivable function that QEMU might need to execute. Given that is quite broad, the security benefit from seccomp enablement is quit low IMHO Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list