On 30/10/2015 14:44, Eduardo Otubo wrote: > From: Namsun Ch'o <namn...@safe-mail.net> > > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are > needed for -runas to work. It also doesn't whitelist chroot, which is needed > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops > privileges or chroots, so without these whitelisted, -runas and -chroot cause > QEMU to be killed with -sandbox on. This patch adds those syscalls.
I think this patch should not be applied, because it completely defeats the purpose of the sandbox. With these syscalls whitelisted, -runas and -chroot have absolutely no effect against an attacker, even with -sandbox on. Paolo
