On Fri, Sep 08, 2017 at 11:10:26AM +0200, Eduardo Otubo wrote:
> This patch adds [,spawn=deny] argument to `-sandbox on' option. It
> blacklists fork and execve system calls, avoiding Qemu to spawn new
> threads or processes.
>
> Signed-off-by: Eduardo Otubo <[email protected]>
> ---
>  include/sysemu/seccomp.h |  1 +
>  qemu-options.hx          |  9 +++++++--
>  qemu-seccomp.c           | 12 ++++++++++++
>  vl.c                     | 16 ++++++++++++++++
>  4 files changed, 36 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrange <[email protected]>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
