[Qemu-devel] seccomp blacklist is not applied to all threads

2018-08-13 Thread Jann Horn via Qemu-devel
Hi! I have noticed that when a QEMU build from git master is started with "-seccomp on", the seccomp policy is only applied to the main thread, the vcpu worker thread and the VNC thread (I'm using VNC in my config); the seccomp policy is not applied to e.g. the RCU thread because it is created bef

Re: [Qemu-devel] insecure git submodule URLs

2018-07-15 Thread Jann Horn via Qemu-devel
On Sun, Jul 15, 2018 at 11:18 PM Peter Maydell wrote: > > On 15 July 2018 at 20:50, Jann Horn via Qemu-devel > wrote: > > I noticed that when I build QEMU from git for the first time, it pulls > > in submodules over the insecure git:// protocol - in other words, as > >

[Qemu-devel] insecure git submodule URLs

2018-07-15 Thread Jann Horn via Qemu-devel
Hi! I noticed that when I build QEMU from git for the first time, it pulls in submodules over the insecure git:// protocol - in other words, as far as I can tell, if I'm e.g. on an open wifi network while building QEMU for the first time, even if I cloned the main repository over https, anyone cou