On Tue, Apr 10, 2018 at 04:49:38PM +0200, Ján Tomko wrote:
v1: https://www.redhat.com/archives/libvir-list/2018-March/msg01965.html https://bugzilla.redhat.com/show_bug.cgi?id=1492597 v2: * also deny resource control * split out and refactor the command line building * be explicit about denying the obsolete syscalls Ján Tomko (4): Introduce QEMU_CAPS_SECCOMP_BLACKLIST Introduce qemuBuildSeccompSandboxCommandLine Refactor qemuBuildSeccompSandboxCommandLine qemu: deny privilege elevation and spawn in seccomp
Thank you for the reviews, I have rebased the patches to get rid of the old SECCOMP_SANDBOX capability and pushed the series. Jano
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
